To return expected results, you can:

Reduce the number of search terms. Each term you use focuses the search further.

Check your spelling. A single misspelled or incorrectly typed term can change your result.

Try substituting synonyms for your original terms. For example, instead of searching for "java classes", try "java training"

Did you search for an IBM acquired or sold product ? If so, follow the appropriate link below to find the content you need.

Abstract

Fixes for WebSphere Application Server Liberty are delivered in fix packs periodically.  This is a complete listing of all the fixes for Liberty with the latest fixes at the top.
New fix pack numbering was introduced starting 16.0.0.2. Fix pack 16.0.0.2 for WebSphere Application Server Liberty is the first of a series of common Liberty levels that apply to both Version 8.5 and Version 9.0 of WebSphere Application Server on all supported platforms.

28609 Deadlock occurs when system runs out of memory and both System Err and System Out streams are in use at the same time 29055 Fix Part#Write Location for Abolsute FileName Paths 29477 Trailer fields are missing in HttpServletResponse after some time 29555 weld 5.1.1.SP1 has a memory leak and should be updated to (at least) 5.1.1.SP2 29556 Resource Leakage File Handlers to tranlog directory 29584 Webcontainer exceptions are emitted with FFDCS as of 24.0.0.9 with monitor-1.0 29591 Using the mpTelemetry-1.1 feature in a z/OS Connect server on Zos leads to FFDCs PH58796 IBM WebSphere Application Server Liberty is vulnerable to information disclosure (CVE-2023-50314 CVSS 5.3) PH62686 OLGH29127 WS-AT fails when downstream runtime is non-Liberty PH62693 Provide better error when user try to deploy server package using invalid extension PH62695 OLGH29124 JAX-RS Dynamic Outbound SSL Regression 26171 @Transactional may throw a checked exception which is not allowed according to the interceptor specification #26171 26886 java.lang.IllegalStateException Subject is read-only from WebAppFilterManager.invokeFilters 29037 StackOverflowError when tracing restfulWs-3.1 29124 [PH62695] jaxrs Regression by #27782 29127 [PH62686] WS-AT fails when downstream server is non-Liberty 29221 openid connect client feature fails SRVE0216E post body contains less bytes than specified by content-length 29277 CDI does not set the TCCL during shutdown 29288 Update WadlGenerator to explicitly only return the stylesheet 29306 App fails to start with NPE when restore/deploy to OCP a checkpoint app image with authCache 29381 org.omg.CORBA.BAD_PARAM when Yoko trace is enabled 29432 OpenLiberty Database Session Replication - org.jboss.weld.module.web.HttpSessionBean$SerializableProxy - ClassNotFoundException 28698 MYFACES-4672 Ajax MultiPart File Upload Encounters 'Uncaught TypeError G.hasKey is not a function' 28961 JAX-WS Client does not Auto redirect when connecting to a WSDL URL 29083 Port MYFACES-4423 to Liberty (oam.Flash.REDIRECT should not be set when Flash is disabled) 29086 JWK parsing does not tolerate leading whitespace 29144 Cannot make JAX-WS request for gzip Content-Encoding 29165 Platform OpenAPI endpoints don't set security headers 28515 Warning "Validation not enabled for module" when persistenceContainer-3.1 + beanValidation-3.0 28615 Regression with jaxb / WADL2java 28652 FFDC for index out of bounds in web container, WebApp.handleRequest() 28716 Admin Center Server Config tool does not work to save changes using source view 28814 In an edge case OpenTelemetry does not honour the priority of mpConfig ConfigSources 28877 Memory leak in JAXRSClientConfigHolder PH59682 IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354 CVSS 7.0) PH61042 PH59682 regressed the tag in pages-3.0 and productInfo -validate fails PH61110 APIDiscovery delay processing if aggregator not yet active 28414 Classloading issue involving JAXBContext and JAXBContextFactory with webProfile-10.0 27858 JspOption jdkSourceLevel Disabled Unintentionally 28118 Port MYFACES-4658 28235 Enabling openidConnectClient feature causes the body request not to be forwarded to the application's servlet (starting from WLP 24.0.0.3) 28280 If an application fails to start when doing a checkpoint the checkpoint still succeeds 28350 J2CA0081E Method destroy failed occurs during server shutdown 28421 Bump netty dependencies to 4.1.109.Final 28431 Generate Set-Cookie from the SessionCookieConfig may not include additional attributes 28459 GRPC connections hang with security enabled 28475 Environment variables not available during service startup within Kubernetes/OpenShift 28479 Invalid JASPIC warning CWWKS1652A in log when AuthResult.SEND_SUCCESS is received from the JASPIC provider 28493 restfulWS-3.1 Headers with multiple values in a multipart (EntityPart) object held are held in a List of size 1 28552 NoClassDefFoundError org/apache/commons/io/input/NullInputStream when using collectives file transfer 28521 XML Binding 4.0: Remove RI from TCCL PH59146 IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-22353 CVSS 5.9) PH59781 IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026 CVSS 5.9) PH60146 IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-27268 CVSS 5.9) 28160 CWWKE0701E bundle com.ibm.ws.ssl ... The activate method has thrown an exception java.lang.ExceptionInInitializerError 28248 Overflowing the usecount of the OSGi service 28285 JPQLException Syntax error parsing 28344 SSO should not use application/json on request to JWK PH59117 IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery (CVE-2024-22329 CVSS 4.3) PH60149 IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270 CVSS 4.7) PH60199 IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j (CVE-2023-51775 CVSS 7.5) PH60642 Updates to API Discovery Swagger UI PH60644 Add Support for CICS 6.1 in WebSphere Optimized local adapters for WebSphere Liberty PH60659 OLGH27886: NullPointerException can occur in Kernel ClassLoader 27833 JAX-RS and RestfulWS monitor bundles' filters are still creating objects when REST is filtered out of monitor-1.0 27886 NullPointerException can occur in Kernel ClassLoader 27900 NullPointerException may occur for HTTPs requests to WebContainer 27971 WLP_INSTALL_DIR set incorrectly when wlp/bin is a symbolic link PH60113 IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-50312 CVSS 5.3) PH60182 Liberty 23.0.0.6 connect via WOLA failing if IMS DBCTL enabled 26590 Latest gRPC code levels and the IBM gRPC Servlet code are no longer an exact fit for flushes 27077 FeatureUtility returns 403 if repo pwd is encoded 27218 cfw performance update 27652 Windows server command doesn't handle space in path unless JAVA_HOME set 27659 CWWKS9590W warning message shows up with some newer ciphers are configured 27667 Fix for CWWKS9590W Warning 27135 SessionCache does not work after upgrading to 23.0.0.10 27715 Job can not be purged when using the Java batch In-Memory Persistence 27716 runAsServer before signing/verifying jws and encrypting/decrypting jwe 27777 Parameters are not replaced in error message CWMMH0050E in french language 26680 io.openliberty.cdi.4.0.internal.services.fragment bundle cannot resolve dynamically against the host bundle 26939 Delete lease when peer recovery is unnecessary 27290 [JPA 2.2] EclipseLink Deliver Issue #1981 27294 Memory leak in CXF caused by large number of PidInfo objects 27396 Handling of locked Transaction Log Lease Table needs improvment 27398 Server start fails on OS/400 27421 Resource adapter install fails due to ArrayIndexOutOfBoundsException 27588 EclipseLink for JPA 3.1 may encounter IllegalArgumentException Unsupported api 0 25135 jakarta.el.ELException The class [...] must be public, in an exported package, non-abstract and not an interface 26342 ReactiveMessaging "CDI container is not available" 26831 Bad value in ApplicationManager config cause ApplicationManager service to fail 26832 Server should be able to reclaim its recovery logs on startup 26844 Deadlock reported in sipcontainer when proxybranch times out 27008 [PH55398] [OLGH26221] Port MYFACES-4606 (updated fix) 27062 CWWKC1101E IllegalStateException CWWKC1013E Unable to start task null because the component in application WEB that submitted it is unavailable 27080 Liberty SAML SP fails to generate response to the IdP initiated logout request 27093 mpMetrics-5.0 Feature Returns Response in ISO-8859-1 Instead of UTF-8 when Accessing /metrics Endpoint 27159 Upgrade Jackson 1.6.2 Dependency 27191 On z/OS server start from the bin directory fails 27204 Slow performance in DirectoryRepositoryClient 27208 Date format in log files includes an extra trailing space character with Java versions 20 or later 27249 PasswordUtil throws NullPointerException on certain input Liberty to send the resource parameter during the Authorization request for the Authorization Code Flow Obtain the Role Information from the Access Token / OIDC Configuration PH57878 IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-44487 CVSS 7.5) PH57933 IBM WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario (CVE-2023-44483 CVSS 6.5) 26809 Lease timestamp not updated for home server when recoveryGroups and tran logs in a database is configured and database outage > couple of seconds occurs 26818 Processing dir files alphabetically does not match configDropins behavior 26846 JAX-WS After upgrade to WLP 23.0.0.9 SOAP client generates a SOAP header part in the SOAP body 26893 Space in value of -D option in jvm.options breaks server package command 26911 Registered RestClientBuilderListeners are not called for injected rest client instances for MP Rest Client 1.x and 2.x 26942 Liberty startup script does not resolve symbolic link to bin directory 26943 NO_USER_REGISTRY message is not output properly 26596 Memory Leak in com.ibm.ws.request.interrupt.internal.InterruptibleThreadInfrastructureImpl 26609 CDI will not create an EJBDescriptor for archive containing bean-discovery-mode=none 26636 JAX-WS: @WebFault annotated Exceptions are not properly serialized as SOAPFaults on 22.0.0.8 and above 26683 Component metadata is not present during CDI Startup events PH55995 [OLGH26267] Login or Authentication may fail on Z/os when using the IBMJCEHYBRID provider PH56266 [OLGH25997] Correction fix to PH42468 to remove delay in closing connection in Websocket application PH56959 Null Pointer Exception when defining empty routing rule PH57076 [OLGH26341] Failure at server startup of bundle COM.IBM.WS.SECURITY.TOKEN.LTPA PH57263 [OLGH26357] Springboot 3 thin utility may cause NOCLASSDEFFOUND error 25759 Enable user to set CXF's useHttpsURLConnectionDefaultSslSocketFactory property for outbound JAX-RS Client Requests 25640 WithSpanInterceptor doesn't call instrumentation.end() 25781 Liberty cannot be immediately restarted after stopping with localConnector-1.0 feature on Windows with hotspot 25855 When two apps are configured with the same context root, neither is reachable 25997 Websocket close delay 26023 Liberty 23.0.0.9 - 6% Performance Throughput Regression on MicroProfile 6 OpenAPI scenario 26054 CDI can throw NullPointerException if application startup fails 26076 Thread safety issues in com.ibm.ws.jaxrs20.cdi.component.ThreadBasedHashMap may cause problems under load 26158 Telemetry-1.0 Disabled warning message 26171 @Transactional may throw a checked exception which is not allowed according to the interceptor specification 26216 Port MYFACES-4606 26221 Port MYFACES-4606 (Issuing Element Not Found in Request Parameter Map for Ajax Requests) to Liberty 26306 Fix Documentation for Supported Java versions 26341 23.0.0.9 CWWKE0701E bundle com.ibm.ws.security.token.ltpa failure at server startup 26437 Packaging Springboot 3 application embedded with Open Liberty does not work 25759 Enable user to set CXF's useHttpsURLConnectionDefaultSslSocketFactory property for outbound JAX-RS Client Requests 25782 Calling stop on an already stopped server hangs for 30 seconds and then reports an error on WSL 25834 OpenLiberty 23.0.0.7 with webProfile-8.0 logs messages saying it requires annotations in the jakarta.annotation namespace 25866 Unexpected end of file from server 25927 CWWKS1706E + CWWKS1739E errors occurs when minimal jwks data is provided by Identity Provider 25932 Absolute file paths fail with the file transfer API when running under servlet 6 25958 sed command in server script returning incorrect value on Solaris 25978 The SPI for registering CDI extensions and Beans will scan the entire archive without an extension PH56004 IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-38737 CVSS 5.9) PH56052 A bundle in an OSGi application with the following manifest header will fail to start PH56063 OSGi applications compiled to Java 17 may fail to start 25646 Semicolon inside text parameter in Reason header will result in the sipcontainer dropping the request 25693 MYFACES-4611 25700 Potential memory leak in Liberty version of org.jboss.resteasy.plugins.server.servlet.ServletUtil 25712 NullPointerException when using app-defined javamodule data source for JPA 25804 Unable to make field private final int sun.nio.ch.SocketChannelImpl.fdVal accessible when using Java 17 25111 MYFACES-4469 IllegalArgumentException occurs in occurs in FacesConfigurator.purgeConfiguration 25354 Update faces-4.0 to MyFaces 4.0.1 25368 GlobalOpenTelemetry is missing public methods 25429 WithSpan anotation does not work when name or kind is set 25457 Local host/port and remote host/port are reversed in message CWWKO0801 25479 Unable to make field long java.nio.Buffer.address accessible when using Java 17 PH53192 The /api/explorer URL from openapi-3.0 does not return the Content-Security-Policy header PH54214 WOLA does not recognize IMS regions they are invoked with LOCKMAX=## specified PH54373 IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java (CVE-2023-28867 CVSS 7.5) PH54810 Liberty on z/OS ECSA storage used by server resmgr are not being released when server stops PH55317 25168 transport close timing issue when streams are closing and a close/goaway frame comes in 25210 DnsContextFactory not accessible in java 17 25212 Transaction Manager configuration options shutdownOnLogFailure, logRetryInterval and logRetryLimit should be published 25283 JSF Container's Application.getWrapped returns null 25316 Exception when doing trace statement bubbles up to the application 25351 OIDC check_session_iframe does not parse origin correctly when path is included in referer 25352 org.omg.CORBA.DATA_CONVERSION illegal char value for string 25402 Messaging secure CommsOutboundChain may be started with wrong sslOptions PH53475 [OLGH24864] FRAME_SIZE_ERROR is generated when both http/2 and compression are used PH54050 [OLGH25097] UI ADMINCENTER correction PH54100 Use unauth service if auth service product registration fails PH54173 Add Java 11 check to cacheDirPerm supported check 24939 `requestTiming-1.0` causes elevated (or spiking) CPU performance due to the `SlowRequestManager` 24948 OIDC RP-initiated logout end_session should verify the id_token_hint issuer 24986 SSLHandshakeException occurs while closing HTTPConduit 25008 NullPointerExcetion or ArrayIndexOutOfBoundsException in SearchBridge when using custom input/output configuration 25010 EntryNotFoundException thrown in federated registries when using custom input/output configuration 25097 Update adminCenter 25152 Request Timing metrics not showing up with `mpMetrics-5.0` (when used with `requestTiming-1.0` feature 25169 295651: Concurrent persistent failover timers - server not releasing claim on scheduled task when unable to run it PH50863 IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998 CVSS 7.5) PH52912 CWWKO1100E: The ScheduledExecutorService OSGi service is not available PH53883 IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482 CVSS 5.3) 24323 SIPcontainer should stop parsing non-utf8 characters when acceptNonUtf8Bytes is set to false 24469 Java 11 NoSuchAlgorithmException SHA1PRNG when FIPS enabled TS012071744 24565 RegistryHelper.getUserRegistry throws an IllegalStateException if no user registries are present 24578 Application can't recover from exceptions thrown during startup 24598 [JPA 2.1] EclipseLink Deliver Issue #1823 24683 Port MYFACES-4594 24730 Cleanup non-daemon threads at the server shutdown 24793 JSP Options to pick up web-ext jsp-attribute values on start up (honor disableTldSearch to improve app start up time) 24804 Encrypted value for internalClientSecret within oauthProvider does not work 24915 Server hangs at startup when enabling trace specification com.ibm.ws.*=all 24938 SOAP 1.1 Web service request to SOAP 1. Provider acting as gateway fails when wsAtomicTransaction feature is enabled 24955 PH53918 UnsupportedOperationException is thrown after upgrading to 22.0.0.10 or later 24958 Configurable option for FileUpload 24092 Aborted managed connections invoking endRequest and end are causing problems in JDBC driver code 24223 Monitor-1.0 returns strange values for standard deviation 24444 JAX-RS NPE in Singleton EJB Sub Resource 24462 Cleanup any asyncServlet non-daemon threads at the server shutdown 24465 JDBC DB2 values for queryDataSize need to be updated 24543 OIDC client issue in cluster environment, starting 22.0.0.10 version 24566 AcmeCA feature with revocation enabled can fail to initialize on certain OS and JDK combinations 24584 pluginUtility merge action generates incorrect output for some inputs 24585 Insufficient Infinispan cache creation for Liberty httpSessionCache 24631 Fix ClassCastException during the de-serialization of CDI Injected Event 24651 Liberty Server hangs randomly PH52079 IBM WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache James MIME4J (CVE-2022-45787 CVSS 5.5) PH52095 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364 CVSS 9.8) PH52167 [OLGH24077] DoNotAllowDuplicateSetCookie property not working PH52364 Check file existence before delete PH52713 Feature resolver may pick multiple versions of the same singleton feature 23410 UnrecoverableKeyException occurs when using WS-Security Callback handler on Liberty 22.0.0.9 23676 Transaction manager unavailable when stopping resource adapters during server shutdown 23954 The authCache->cacheRef and webAppSecurity->loggedOutCookieCacheRef server configuration elements are not included in the documentation 23976 Add option to support old format of start-info in multipart/related SOAP messages 24001 Fix configuration attribute name used in CWWKS1738E message 24007 server dump command fails in WL on IBM i 24047 Memory in com.ibm.ws.wsat.service.WebClient when creating thread context class loaders 24048 Possible performance issue in com.ibm.ws.wsat.service.impl.WebClientImpl 24056 Batch-2.1 feature content is active even when configuring batch-1.0 or 2.0 24077 DoNotAllowDuplicateSetCookies http channel config option is not working 24155 Memory leak in JaxRsFactoryImplicitBeanCDICustomizer 24157 Validate HTTP header names 24293 Scheduled Futures leak resources from Managed Executor Services on application stop 24371 Server fails to start due to conflict on servlet feature 23392 Stopping liberty Windows service immediately after starting results in hang condition 23425 A syntax error in JSP compile should consistantly output error JSPG0077E 23567 decode url query string before final redirection of the originial request 23582 Messaging client hangs during shutdown 23583 [22.0.0.9] Unmarshaller error when Unmarshaller obtained [from pool] 23613 Intermittent NPE at com.ibm.ws.security.javaeesec.cdi.extensions.HttpAuthenticationMechanismsTracker.getAuthMechs(HttpAuthenticationMechanismsTracker.java202) 23690 JTOpen Toolbox driver 11.1 JDBC connections fail from Open Liberty to IBM i 23748 CDI Shared Library bean visibility problems 23771 IndexOutOfBoundsException can occur during a resource outage. 23782 JDBCDriverService; issue with Boolean parameters 23883 Default keystore file not getting detected on file monitoring 23885 Use mininum jdkSourceLevel of 1.8 for JDK 20+ PH50342 IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google protobuf-java (CVE-2022-3171, CVE-2022-3509) PH50815 Check for webenab products before removing product marker 22738 SSLContext defined in ClientBuilder.newBuilder().sslContext(sslcontext) not preserved with restfulWS-3.0 23146 JspFactory.getDefaultFactory().getEngineInfo().getSpecificationVersion() return incorrect version 23273 Scripts do not respect the enable_variable_expansion indicator in server.env 23310 Additional fixes for JSR375 (javasec) Decorator and Alternative 23326 Liberty default HttpAuthenticationMechanisms do not call HttpMessageContext.responseUnauthorized 23403 HTTP/2 Intermittent server quiesce failure when stream is closed with an exception 23462 NullPointerException in com.ibm.ws.rsadapter.impl.DB2Helper.isAuthException 23478 NullPointerException in InstallFeatureAction for .esa files PH49719 IBM WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java (CVE-2022-37734 CVSS 7.5) PH49876 zosConnect failure in XML or JSON parsing PH50062 MDB class leak on application stop PH50353 Updates to usage metering to set protocols and ciphers for the connection 21808 Provide a way for Custom User Registries to use the uniqueId instead of the securityName 22771 In SIP headers, need to handle encoded values (%xx) while not causing error on valid Tag formats ending with % 22865 Datasource changes are not propagating to JPA during dynamic config update 22909 MDB class Java heap leak on application stop 22918 Intermittent NPE at com.ibm.ws.security.javaeesec.cdi.extensions.HttpAuthenticationMechanismsTracker.getAuthMechs(HttpAuthenticationMechanismsTracker.java:186) 22933 MP JWT 1.2 and 2.0 TCKs won't run at 22.0.0.11 22963 com.ibm.ws.jpa.container.v21.cdi lacks a package-info.java file 22965 Generating ssl key for FilterServer, when running FilterConfigTest takes too long 23017 MP Reactive Messaging: NullPointerException during Kafka partition rebalance 23031 Failed to parse Created TimeStamp in UsernameTokenValidator 23059 Uses constraint violation for org.joda.time packages 23183 EJB Handle deserialization fails with org.omg.CORBA.TRANSIENT: attempt to establish connection failed 23186 IdentityStore validate method not getting called for BasicAuthentication request 23225 IllegalStateException in dynacache when app server is stopping 23252 AmbiguousResolutionException when same class is present twice and certain features are used PH48467 java.lang.ArrayIndexOutOfBoundsException is thrown when purging data while shutting down a connection PH48810 IBM WebSphere Application Server Liberty is vulnerable to a Denial of Service due to Neko HTML (CVE-2022-24839 CVSS 7.5) PH49305 Multiple values in request header "X-Forwarded-For" not logged PH49341 A race condition of transaction timeout could leave an indout transaction at RM side PH49933 Servers using Intelligent Management intermittently fail to pulbish application endpoints 22303 On z/OS running Java 11 a FFDC with caused by AttachNotSupportedException occurs when feature localConnector-1.0 is specified. 22361 Cannot start Jenkins 2.346.3 with Java 17 when using AD authentication 22397 MYFACES-4450: tabindex not rendered for outputLabel 22434 A race condition of transaction timeout could leave an indout transaction at RM side 22584 com.ibm.websphere.appserver.api.kernel.service_1.1-javadoc.zip is missing in the Liberty images 22660 java.lang.ArrayIndexOutOfBoundsException when PurgeDataDuringClose=true 22688 HTTP Access logging need to log multiple X-Forwarded-For headers 22721 Update nekohtml version used in openid-2.0 PH46816 IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165 CVSS 5.4) Intelligent Management Component PH47454 Error 503 returned from ODR after an application update with the war name changed while the ear file name stays the sam Liberty z/OS PH49234 Attach fails on z/OS running with Java 11 when a started task is used to start a server specifying the localConnector-1.0 feature 22227 Yoko marshals null fields incorrectly when the field is declared as a non-serializable class 22347 FFDCIgnore not honored on or after 22.0.0.4 PH48187 LTPAToken validation failure for users with space characters in the user name caused by PH47867 Intelligent Management Component PH48622 DynamicRouting utility fails parsing commandline Liberty z/OS PH48202 Unpredictable results when cancelling the angel process without registered Liberty Servers first 21666 java.lang.IllegalStateException: Subject is read-only from WebAppFilterManager.invokeFilters 21737 Combine with MicroProfile OpenAPI: Example of date-time in Schema cannot display this format "YYYY-MM-DDTHH:mm:SSZ", will report "OrderedMap" or this "YYYY-MM-DDTHH:mm:SS.MSZ" format 21837 LTPA SSO failure for certain usernames 21845 featureUtility - Not decoding repository passwords when executing 21858 Multiple protocols not always getting honored with the IBMJDK 21880 OpenAPI 2.0+ throws error at startup 21937 MP Fault Tolerance 1.x can log an FFDC when a method times out at the same time as it completes 21955 Liberty does not provide exported packages for java.* packages at runtime in the OSGi framework insteance 21973 Expiration fields are not compared in an LTPA Token 22012 CXF property cxf.ignore.unsupported.policy is not processed correctly in Liberty 22.0.0.8 22040 Invalid character warning for colon in WorkQueueManagerImplMBeanWrapper objectName PH45225 CICS link servers do not reconnect to a Liberty profile server after the Liberty profile server is recycled PH45750 IBM WebSphere Application Server Liberty is vulnerable to spoofing due to Eclipse Paho (CVE-2019-11777 CVSS 7.5) PH46073 Duplicate of PH47867 PH47867 IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476 CVSS 5.0) 11959 Weld does not mark org.jboss.weld.context.ConversationContext.conversations as dirty when retrieving it from session storage 20939 Classpath visibility unclear -> NoClassDefFoundError: javax.cache.CacheException since 22.0.0.4 (maybe since 22.0.0.3) 20950 Memory Leak with JSF's ViewScopeContextualStorage (MYFACES-4433) 21204 [JPA 2.1] EclipseLink: Deliver Bug #579409 21214 Server start fails when directory has spaces 21398 Add additional details to `exposeWebInfOnDispatch` Server configuration description 21473 ClassCastException FFDC occurs when using audit-1.0 with other features like requestTiming-1.0 or eventLogging-1.0 21526 UI generated by `openapi-3.1` feature doesn't show the link specific endpoints 21601 Port MYFACES-4432 to JSF 2.3 and Faces 3.0 (Resolve request object in facelets) 21615 EJB persistent timers that were deferred during app start do not run when app finishes starting 21651 290399-Fix umask command for IBM i in server script 21664 featureUpdate downloads fail in Windows, due to #20945 21735 PausableComponentException when closing message endpoints on server shutdown 21740 Inactivity timeout value larger than 2147483 seconds causes immediate cache invalidation PH43910 Liberty routing rules do not always respect a webserver assignment using the '*' wildcard Liberty Administrative Center PH45086 IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22393 CVSS 3.1) Security PH46072 IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22475 CVSS 7.1) 20082 CWWKE0702E: Could not resolve module: com.ibm.ws.ejbcontainer.remote [852] Bundle was not resolved because of a uses constraint violation. 20908 Default session meta cache name failed with RH DataGrid 20981 ArrayOutOfBounds exception on z/OS with either full or JMX audit events enabled on shutdown 21004 featureUtility viewSettings doesn't show repository settings 21043 Bump netty dependencies to 4.1.77.Final 21050 Liberty OIDC error is being returned with incorrect characters 21060 Correct Service Release and Fixpack processing in JavaInfo 21079 Refresh token is not cleaned up when a JWT access_token had been issued 21097 Custom claims not passed to the back end 21108 Admin center enhancement PH42822 WebSphere Liberty z/OS 20.0.0.9 java.lang.NullPointerException at com.ibm.ws.jaxrs.JAXRSRuntimeDelegate$ClassloaderReference Liberty z/OS PH45221 NPE in com.ibm.ws.zos.wlm.internal.UnauthorizedWLMNativeServices.CreateJoinWorkUnit() PH45329 Liberty server fails to start with JVM gpf after a racroute request=auth call PH45749 z/OS Product registration message CWWKB0108I does not contain full version PH44627 Null Pointer Exception in JSP after 21.0.0.7 when skipMetaInfResourcesProcessing=true Liberty Archive Install PH44289 Install of z/OS Liberty interim fix fails with CRIMA1076E Liberty Kernel PH45316 Liberty packaging fixes - Ensure the proper set of features are packaged when several valid versions exist 20082 CWWKE0702E: Could not resolve module: com.ibm.ws.ejbcontainer.remote [852] Bundle was not resolved because of a uses constraint violation 20247 webContainer property skipMetaInfResourcesProcessing=true can cause NullPointerException in JSP taglib 20293 Add security headers to OpenAPI UI 20298 Avoid ConcurrentModificationException during dynamic configuration updates for federatedRepository and user repositories 20303 NPE during handshake when CLIENT_AUTH or SERVER_AUTH is missing in the certificate extension 20310 OpenAPI UI is broken (missing CSS) 20353 NullPointerException in EJBWARRuntimeImpl when dynamically updating server configuration 20403 LibertyRestClientBuilderImpl nonProxyHosts PatternSyntaxException 20441 Timing window where cancellation of scheduled task is ignored PH43113 ClassNotFoundException for SecureSerializedViewCollection during Session Persistence Liberty Administrative Center PH43817 IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450 CVSS 9.8) Liberty Kernel PH44064 Liberty server command not working on IBM i platform after installing fix pack 22.0.0.2 Liberty System Management PH43223 IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038 CVSS 4.4) 12050 @RolesAllowed rejects unauthenticated users when they mapped to an allowed (EVERYONE) role 19316 Duplicate message key in com.ibm.ws.ui.tool.explore 19519 LibertySSLSocketFactory cannot be loaded inside a custom feature 19613 Bump netty dependencies to 4.1.72.Final 19659 Update ExpressionLanguage 4.0 API/Impl to 10.0.14 19673 JWT access token inbound propagation fails when a JWT sent as segments starts with "Bearer" 19780 Adding Monitor Filter increases Startup Time. 19937 Context-root for web-ext is no longer honored with WLP 22.0.0.1 19960 OpenID Connect: Double URL Encoded State Parameter in Redirect location 19981 ConcurrentModificationException in com.ibm.ws.security.openidconnect.clients.common.JtiNonceCache 19991 featureUtility does not pass all features from server.xml to repository resolver 19999 [JPA 2.2] EclipseLink: Deliver Bug #578262 20003 Update Webcontainer ServletVersion Handling to Avoid SRVE8501E errors 20020 AccessControlException thrown from Yoko calls to Class::getClassLoader 20063 Server commands not working on IBM i after checkpoint changes 20064 Fix server command on IBM i 20070 503 response returned when request contained a 100-continue header 20165 jsonpContainer-2.0 and jsonbContainer-2.0 features incorrectly use default providers. 20206 Servers stop can fail in products that embed Liberty 20277 False artifact io.openliberty.jaxrs30 in mvn repository PH44762 IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031 CVSS 5.4, CVE-2021-46708 CVSS 4.3) General PH41660 After 21.0.0.9 upgrade "DefaultHostname" definition in bootstrap.properties does not overwrite Liberty default PH43194 Add support for CICS 5.6 to WOLA PH43281 API Discovery UI will not load PH43530 NullPointerException in JSP after 21.0.0.7 Intelligent Management Component PH41615 Intelligent management WebServer plug-in is sometimes unable to route one HTTP session requests to the same member server Virtual Member Manager (VMM) PH42489 19688 Empty com.ibm.ws.logging.hideMessage hides all messages and does not create messages.log 19702 Support for outbound channel selectors to start immediately 19707 Runnable jar hangs after Ctrl + C 19780 Adding Monitor Filter increases Startup Time 19781 Calling `UserRegistry.isValidGroup` or `UserRegistry.isValidUser` when using `federatedRegistry-1.0` can return `true` when `false` should be returned 19785 Federated SAF registries can incorrectly claim a SAF user or group is not in the realm when calling `UserRegistry.isValidGroup` 19826 MP Fault Tolerance annotations at the class level of a Rest Client interface are ignored 19831 The output of ./wlp/bin/productInfo featureInfo missing new lines 19841 defautHostName does not get picked up from bootstrap.properties for cfw 19860 Updating MicroProfile versions on server.xml causes issues with install manager 19897 "ERROR: Input redirection is not supported, exiting the process immediately" reported with Open Liberty as a service on Windows PH42074 IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22310 CVSS 4.8) WebSphere MQ messaging providers PH42762 Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server Liberty (CVE-2021-4104 CVSS 8.1) 16320 OAuth provider Multiple Connections are disallowed in current pre-existing attachment environment error TS003794701 17562 Multiple duplicate element IDs cause excess memory allocations and looping. 18695 Avoid inferring caller in LogRecord.getSourceClassName and LogRecord.getSourceMethodName in Liberty HPEL 19334 Policy attachments file: policy-attachments-server.xml is not processed 19342 [JPA 2.1] EclipseLink: Deliver Bug #463042 19348 gRPC server property "httpEndpoints" is invalid 19366 JMX file transfer errors should not expose resolved file paths 19413 JAX-RS fails with 400 Bad Request when query string contains _type param 19433 JNDI lookup to CORBA URL can hang 19505 SRVE0250I and SRVE0164E messages not emitted unless trace is enabled 19514 Test Failure: AutonomicalPolling1ServerTest.testAddPersistentExecs gets intermittent NullPointerException when transaction timeout aborts the connection 19522 Unresolved gRPC bundles in feature 19547 New HTTP/2 streams still accepted while server is closing 19567 Memory Leak with mpJWT 19585 Classes are still indexed by mpOpenAPI when mp.openapi.scan.disable=true 19589 ArrayIndexOutOfBoundsException during startup with mpOpenApi 19630 Application class loader to ignore designated classes 19631 featureUtility installServerFeature fails when user feature is listed 17155 Multiple entries may be added to the Authentication Cache for a custom cache key hashtable login 17972 `@Schema(multipleOf = )` can throw `NumberFormatException` in `mpOpenAPI-2.0` feature 18262 server startWinService & stopWinService commands give incorrect/misleading return codes 18411 Liberty message.log has repeating servlet lifecycle messages 18419 ExpressionFactory#getClassNameServices fails if META-INF/services/javax.el.ExpressionFactory contains comments 18492 gRPC service registration broken for EAR deployments 18663 NullPointerException in JaxRsFactoryImplicitBeanCDICustomizer 18674 HTTP/2 streams closed due to client window update delay 18751 Bump netty dependencies to 4.1.68.Final 18813 Test Failure: testJTATransactionUsedSeriallyWithOverlapAndCommitWithinLastStage NullPointerException 18836 NPE when creating an HttpAuthenticationMechanism with the default package 18866 Fix PasswordUtil.passwordEncode() with "hash" option 18925 Cloudant NLS messages are not used 18973 Investigate weld-osgi-bundle versions in feature files PH39935 CWWKE0701E at Liberty startup reports a ConcurrentModificationException in the APIProviderAggregator class Web Container PH40879 Server start hangs caused by plugin-cfg.xml generation Virtual Member Manager (VMM) PH38929 WebSphere Application Server is vulnerable to Information Disclosure (CVE-2021-29842 CVSS 3.7) 17155 Multiple entries may be added to the Authentication Cache for a custom cache key hashtable login 17489 IllegalStateException is thrown when Liberty tries to update a readOnly subject 17950 Fix SRVE8501E Warning 18281 Possible Bug with deferServletRequestListenerDestroyOnError 18282 Bug: AdminCenter SRVE0190E: File not found: /images/tools/wasdev_142x142.png 18299 NullPointerException if used with mpMetrics 3.0 18348 ContainerRequestContext.getAcceptableLanguages() - fails with IllegalArgumentException when invalid locales are specified in the Accept-Language header. 18404 Create PluginGenerator Lock to Address FileNotFoundExceptions 18430 Saml web sso sp initiated login flow resulting in buildup of WASSamlReq_xx cookies 18437 JSF throws ClassNotFoundException for o.a.m.el.convert.ValueExpressionToValueBinding 18475 Servlet ReadListener does not receive all HTTP request data 18503 RuntimeCodebase cannot be located on collocated call 18530 Startup hang caused by plugin-cfg generator changes 18552 JAX-RS 2.0 and 2.1 implementation is executing resource method when Content-Type or Accept header contains invalid values 18663 NullPointerException in JaxRsFactoryImplicitBeanCDICustomizer 17299 Allow multiple version of singleton feature with featureUtility installFeature command 17344 OIDC RP may fail to login if clientSecret is not configured TS005720300 17437 NPE in com.ibm.tx.jta.util.logging.TxTr.initTrace 17478 Invalid command line optional parameters are shown with "featureUtility help installFeature" and "featureUtility help installServerFeatures" 17482 Unexpected results with JSP trackDependencies in the extended document root 17489 IllegalStateException is thrown when Liberty tries to update a readOnly subject 17576 OIDC Update the description for disableIssChecking 17593 EJB Singleton Lifecycle Deadlock 17635 Bump gRPC dependencies to 1.38.1 17658 ConcurrencyPolicy loses queue slots when managed executor deactivates and erroneously cancels tasks of other executors 17666 JavaMail tries to use a resource file that only exists in the implementation 12778 mpJWT-1.1 configured by using jwksUri results in CWWKS5523E at the first jwt token presented to the server 15023 WASReqURLOidc cookie encodes the request url but does not decoded it upon successful redirection 16598 ServletContainerInitializer is passed invalid @HandlesTypes classes 16743 Pull in MyFaces 2.3.9 17040 Revision to httpOption maxKeepAliveRequest default value 17047 PluginGenerator FFDC: BundleContext is no longer valid 17117 Test Failure: Failover1ServerCoordinatedPollingTest.testMultipleInstancesCompeteToRunManyLateTasksPC 17177 Failed to locate data source, null Resourcefactory 17203 ORB.init() called simultaneously on two threads during server start 17268 APAR PH37460 useJandex is ignored when autoExpand is set 17294 java.io.IOException might be thrown during AsyncContext.complete() PH28781 CWWKZ0404E: An exception was generated when trying to resolve the contents of the application Liberty z/OS PH35442 Smf120 subtype 11 records sometimes missing values when a servlet request takes an error path PH35542 Abend 0C4 in ntv_registerserver reported on WebSphere Liberty z/OS 20.0.0.12 (wlp-1.0.47.cl201220201111-0736) PH36576 CWWKB0086E seen in angel in fix pack 21.0.0.3 16203 IllegalStateException when calling CDI bean with @Transactional(Transactional.TxType.NEVER) from websocketEndpoint 16307 Update Liberty to not block use of Oracle 21c JDBC driver with IBM Java 8 and Kerberos authentication. 16428 Remove Internal From setHtmlContentTypeOnError 16495 Rename plugin-cfg File Using Files#Move 16524 Fix issue with spanning an audit record across audit logs when signing and encrypting of audit logs is enabled 16539 SESSION ACTIVECOUNT SHOWS A NEGATIVE VALUE 16637 Authorization failure occurs when LDAP or basic user attempts login in SAF federated registry 16661 microprofile-config.properties is not loaded in OASFilter 16694 Avoid virtual host missing warning if server is in the process of shutting down 16764 Deploying two applications with mpOpenApi-2.0 enabled can cause IllegalStateException: SROAP00001: Model already initialized. 16772 [JPA 2.1] EclipseLink: Deliver Bug #573094 16774 PostgreSQL session table check missing qualifier name 16793 Include RelayState in the logout response to IdP initiated slo requests 16808 Issue16807 support new Java policy location per open JDK 9 16843 Cleanup request thread data 15336 Replace DNS lookup with regular expression to get the domain name in SSO Cookie Domain function 15989 MyFaces Update State Saving 16054 HSTS Header not added on responses with 404 status 16113 Shared Class Cache not generated on Windows 16118 Create setHtmlContentTypeOnError Webcontainer Property 16160 HTTP/2 ClassCastException during error handling 16184 EJB timer service does not adjust for daylight savings time during fall adjustment 16301 LDAP and Database Identity Stores fail to reprocess deferred EL expressions 16353 Bump netty dependencies to 4.1.62.Final 16364 Premature response completion in Async servlets 16410 Improve messaging in ldapRegistry-3.0 when userFilter and groupFilter do not contain an AVA with %v 16416 Java 2 Security exception when adding custom principal to the subject for Jaspic 15822 LDAP group members may be ignored when the member's RDN starts with cn (and possibly other attribute names). 15853 Bump netty dependencies from 4.1.52.Final to 4.1.59.Final 15857 EJB client intermittently throws BAD_PARAM after server restart 15869 MP Config AppPropertiesTrackingComponent synchronization 15878 JAX-RS requests that do not specify the port fail with SSL 15927 Cannot inject optional list with mpConfig-1.x 15943 Merge multi-homed environment related changes into Liberty 15975 Create a UDP connection using the selected outbound interface 15985 Threads backing up during transaction processing due to use of Dictionary 16037 Separating ciphers with two spaces results in unspecified behaviour 16060 Eclipselink bundles lack javax.mail.internet PH33517 Issue with <INCLUDE LOCATION> tag on Liberty 20.0.0.9 failed to support the WLP_USER_DIR in already built fixes Java 2 Connectivity (J2C) PH31875 J2CA0079E: getManagedConnection internal illegal state state = state_inactive mcw 11777 prepareJSPThreadCount is not documented in Open Liberty - Investigate if any issues using it and document 12490 IOExceptions thrown after HTTP/2 stream is closed by client 12694 EclipseLink: Deliver Bug #538296 14109 Update gRPC dependencies to 1.35 14175 Expression Language 3.0 value lookup performance improvement 14248 Update WC property suppressHtmlRecursiveErrorOutput 14934 JAX-RS client creates a new SSLSocketFactory for every request 15040 ClassCastException might happen when serving a static resource 15433 System WABs may come online with the web container after server reports started 15550 NullPointerException in HttpServletRequest or HttpServletResponse context proxies 15698 PH32961 InstallUtility and FeatureUtility are working when the variable is a directory, but not part of a file name Intelligent Management Component PH31732 Restricting IP access in ssh keys in authorized_keys, results in ssh key being appended when collective member is restarted 10000 HttpServletResponse.sendRedirect(String location) builds absolute URL including protocoll and server-name 12095 PluginGenerator: BundleContext is no longer valid 12417 Fix java.lang.IllegalStateException: jstl facade bundle can not be located 13515 Add addstricttransportsecurityheader WebContainer prop to metatype 14532 Plugin Generator can cause server shutdown delay 14815 Recovery race 14925 OAuth user registry lookups may use incorrect custom cache key 14928 EclipseLink: Deliver Bug #514486 14936 Issue when deploying Open Liberty application to Openshift 14950 Pull MyFaces 2.3.7 into Open Liberty 14975 OIDC RP: creating a subject with allowCustomCachKey=false results in a subject that includes a cache key 15174 Include tag on windows not parsing correctly 15216 JDBC Kerberos problems on IBM JDK 8 15220 Add HTTP/2 IOException for misbehaving client error case 15237 Clear federated repository specific information from AuditManager thread 15242 Stop the ACME Certificate Checker Task when the server is stopping 15263 HTTP TRACE method requests are rejected with a 403, and `enableTraceRequests="true"` does not help 15305 Pull in CXF-8278 15315 Enable server shutdown on recovery log failure 15337 Dynacache initialization issue when ID is missing 15342 CONTAINER_NAME env variable is not reflected in logstashCollector-1.0 15388 Include tag file name unable to be parsed for featureUtility 15390 Various thread safety issues in the Liberty scheduled executor 15550 NullPointerException in HttpServletRequest or HttpServletResponse context proxies PH30494 NullPointerException is received when using the PasswordChange API with more than one UserRegistry Java 2 Connectivity (J2C) PH29942 Vulnerability in Hibernate Validator affects WebSphere Application Server Liberty (CVE-2020-10693 CVSS 5.3) 13830 Federated repositories returns the string "null" instead of the value null for several methods 13861 Getting ManagedThreadFactory from JNDI is failing in 20.0.0.9 13908 Liberty Java security function does not honor JDK's java.policy file. 14003 Test Failure: com.ibm.ws.microprofile.health20.fat.ApplicationStateHealthCheckTest.testPreLoadedApplicationsHealthCheckTest_mpHealth-3.0 14183 Need an option to load a custom JaasLoginModule without going through com.ibm.ws.kernel.boot.security.LoginModuleProxy 14192 Eclipselink: Wrong month is returned if OffsetDateTime is used in JPA 2.2 code 14377 Server.xml config sources do not respect config_ordinal 14421 EJB persistent timer may attempt to run after server stop issued PH28816 During server startup, the warning "Unconverted adapt to web annotations" appears in server logs Liberty z/OS PH28141 Out of memory in cell pool using 500 connections Web Services Security PH29368 WebSphere Liberty running oauth-2.0 or openidConnectServer-1.0 features is vulnerable to a denial of service attack (CVE-2020-4590 CVSS 5.3) 11847 Add support for traditional websphere property: com.ibm.ws.webcontainer.suppresslastzerobytepackage 12613 Enabling openTracing with no tracer class configured impacts performance 12790 Need to limit how many times an OIDC refresh token can be used to get new tokens 13404 Kafka connector can report failure for acknowledgements which eventually succeed 13551 NullPointerException when starting an EJB module during server stop 13569 Federated basicRegistry returns inconsistent results for case insensitive direct user lookups in scim-1.0 13613 Support IIOP transmission of Supplemental Multilingual Plane characters (such as emoji) in (wide) Strings 13681 Getting ManagedThreadFactory from JNDI is failing in 20.0.0.9 13817 PostgreSQL tables are not automatically generated for transaction recovery PH27912 CNTR5104E OR CNTR5102E occurs at EJB start after upgrading WebSphere to V8.5.5.16, V9.0.5.0, V9.0.5.1, OR V9.0.5.2 Install PH30219 <INCLUDE> Tag not being considered when installing server.xml Java Persistence API (JPA) PH26967 OpenJPA's class transformer needs to respect app classloader concurrency PH28547 JPA persistence activator retains classloader references, potentially leading to OutOfMemory condition 11504 Occasional ArrayIndexOutOfBoundsException in JaspiServiceImpl.getDescription during Arquillian Tests 11556 Connection leak when XAResource.recover fails 12832 Bean Validation should consider @ValidateOnExecution when CDI is not enabled. 13027 Jaxrs security not getting SSL Socket Factory updates 13036 mpGraphql Exception allowlist not working. NullPointerException is thrown by mpConfig 13138 tag not being considered when installing server.xml 13170 MDB method restricted from being private final for no methods listener 13309 Application with EJB 2.x local interface that extends java.rmi.Remote fails to start 13331 ignore extra ffdc when application fail to start due to vhost already removed by stop app 13447 Http/2 -clean up connection on error 14183 Need an option to load a custom JaasLoginModule without going through com.ibm.ws.kernel.boot.security.LoginModuleProxy 12865 spring-cloud-starter causes ApplicationStarted event to be fired before the ModuleStarted events for Spring Boot web apps 12967 "peer not authenticated" failures in RP to OP communication on some versions of Java 11 13094 MDB message listener method name restricted from starting with "ejb" 12067 PluginUtility currently looks in the workarea for com.ibm.ws.jmx.local.address but should look in the logs/state directory 12352 Correct spelling mistake in com.ibm.ws.jsp.jstl.facade/bnd.bnd 12375 IllegalArgumentException occurs when processing SOAP response containing SOAP Fault 12399 HTTP/2 read window not updated 12516 Changes to SSL Session Timeout 12537 H2 NPE HttpOutputStreamImpl.flushHeaders 12545 syncQueryTimeoutWithTransactionTimeout="true" with totalTranLifetimeTimeout="0" results in SQLTimeoutException 12567 Fault Tolerance 2.1: org.eclipse.microprofile.faulttolerance cannot be resolved 12599 HTTP/2 connection termination performance 12708 Entry and exit trace is missing when using OpenJDK with OpenJ9 version 8. 12715 JAX-RS @Context injection into ContextResolver failing with NPE PH25475 After logging in to admin center console, in the web browser console role is getting exposed General PH25479 JAXRS resource not injecting objects via CDI constructor injection Liberty z/OS PH25650 Message CWWKO0230I is issued even if the Asynchronous I/O support was not activated Virtual Member Manager (VMM) PH24423 With SCIM-1.0 feature and LDAP registry, SCIM queries for group members do not deliver the display name for group members 11773 [openidConnectServer-1.0] incorrect http status code for error response invalid_grant 11795 EclipseLink: Deliver Bug #561664 11882 Missing FunctionMapper 11927 Include user name in CWWKS1773E error message TS003412433 11977 May get an NPE in URLEncoder.encode when OAuth provder gets bad clientId TS003459997 11984 JNDI lookup fails with org.osgi.framework.ServiceException 12019 Application MBean status is not updated when application fails to start 12024 The JCA SharedPool can leak MCWrapper objects 12212 Cached configuration not used in some circumstances 12297 Correct JSP 2.3. Feature File PH24366 Liberty fails to remove the client address space level RESMGRs when cleaning up Liberty's client structures Web Container PH20847 Information disclosure in WebSphere Application Server (CVE-2020-4329 4.3) Web Services Security PH24154 Identify spoofing in WebSphere Application Server (CVE-2020-4421 5.0) 11590 MetricProducer provides a simple timer and concurrent gauge with the wrong MetricType 11595 SAML SP should use 401 instead of 403 when redirects user to IdP 11682 Social login feature cookies may not use dynamically updated web app security config 11696 Exception during UserTransaction thwarts @Fallback on @Asynchronous method 11716 Changes for issue 11646 11746 Unable to create logger error in server startWinService when WLP_OUTPUT_DIR set in server.env 11750 Correct redirect location. 11755 Update Weld3 to 3.1.4 11767 Lock contention acquiring applicationTracersLock in OpentracingTracerManager.ensureTracer() 11785 intermittent h2 timing test failure 11870 H2 NPE check modification PH23757 EJB persistent timer/deserialized context fails with CWWKC1004E (unavailable context) after mpContextpropagation-1.0 disabled Install V8 and above PH23517 zosConsoleCommandDisplayWork-1.0 as an auto-feature is not installed Liberty Archive Install PH23233 NullPointerException when installing the required WLP server's features from local repository Liberty z/OS PH22112 Display work with zosRequestLogging feature does not count servlet requests PH23817 gpf in liberty server during shutdown Web Services Security PH22080 Cross-site scripting vulnerability in samlWeb-2.0 (CVE-2020-4303, CVE-2020-4304) Non-English characters in logoutRedirectUrl of oauthProvider results in incorrect redirection Application fails to start because of java.lang.IllegalStateException: Configuration pid com.ibm.ws.app.manager_23 was deleted 10707 Thread safety problem in JSON logging field name mapping code 10986 Invalid JSON data passed to @Path resource method(@Valid MyPojo) yields H500 instead of H400 11043 java.security.AccessControlException: Access denied ('java.util.PropertyPermission' 'org.osgi.framework.bootdelegation' 'read') 11044 custom-login-configuration not honored in java:comp/env bindings without binding-name 11108 mpRestClient-1.3 ignoring hostnameVerifier configuration 11199 EJB Persistent Timer/deserialized context fails with unavailable mp.cleared.context.provider after mpContextPropagation-1.0 disabled 11289 ConcurrentModificationException during JSF application startup 11445 The JarFileClassLoader throws an IllegalArgumentException when defining package com.ibm.websphere.ras.annotation 11454 Remove lock contention and other perf improvements for starting multiple applications 11478 Minor code issue in LdapHelper.getRDN in com.ibm.ws.security.wim.adapter.ldap 11510 Timing window where server loses the ability to run a persistent timer if config update to disable execution overlaps a poll 11534 Async implementation of MP rest client returns CompletionStage of Collection of HashMap but expected CompletionStage of Collection of a user defined type 11535 AdapterUtil.createXAException utility method garbles message parameters 11543 PH22080 10552 Webcontainer Bundle Deactivation causes IO Exceptions for the Cached Plugin-cfg File 10697 LDAP registry and URBridge are not un-escaping double quotation and apostrophes from the XPATH search expression 10712 AsyncResponseImpl.initContinuation() throws NPE when Continuation is null 10730 Javadoc of ConnectionManagerMBean.getJndiName is not accurate 10732 Context-root attribute for server.xml web-ext element ignored 10762 Missing warning when a server element is not present 10867 German translation for 'Logout' incorrect for OIDC applications 10961 Request URL mismatch between scheme and port 10981 Yoko ORB shutdown thread hangs 10996 Error parsing JSON when using ELK with logstashCollector-1.0 11052 Basic registry throws PatternSyntaxException when search for users or groups includes braces 11105 HTTP/2 stream initialization race conditions 11123 Enhance NCSA access log 'enabled' attribute documentation PH19384 Liberty for z/OS server using optimized local adapters abends in method WOLANativeUtils.ntv_getClientService on shutdown PH19528 Denial of Service in WebSphere Application Server (CVE-2019-4720) PH19989 Denial of Service in WebSphere Application Server (CVE-2019-12406) PH20816 Install of common Java SDK for Liberty on z/OS fails with CRIMA1161E PH20912 Unable to set samesite cookie option with response.addHeader PH21213 Unable to install WebSphere Application Server Liberty V8.5 version 20.0.0.1 using IBM Installation Manager PH21281 Warnings showing the text "Unconverted adapt" appears in server logs PH21564 java.lang.SecurityException possible from messaging component calls to System.getProperty("line.separator") PI93822 EJB auto-link fails for java:global with beanName provided 10238 Default logging format not being set when using an invalid console/message logging format 10240 EclipseLink: Deliver Bug #558414 10243 Pull in MYFACES-4311 and add a FAT 10248 JsonB provider not found when loaded from library 10293 Test Failure: com.ibm.ws.testing.opentracing.test.FATOpentracing.testImmediate 10310 EclipseLink: Deliver Bug #347987 10337 Java Batch: Error reported when JMS job dispatch message is redelivered 10384 Support for SameSite attribute in Set-Cookie header is needed 10393 PersistentTimerCoreTest.testDisabledLateTimerMessage FFDC indciates missing doPriv on abort 10397 Retry port opening according to configurable number of retries 10426 requestTiming-1.0: servletTiming server configuration does not work with servlet-4.0 10461 Basic registry throws PatternSyntaxException when search filter contains paren 10462 LDAP registry throws InvalidSearchFilterException when principalName search filter contains paren 10508 Avoid using System.getProperty("line.separator") in messaging code 10559 Need to quit warning about strange cookies sent from IBM ID 10578 oidcclient does not expand ID attribute after 19.011 10582 JAX-RS 2.0 ExceptionMapper is ignored when using mpOpenTracing 10587 Yoko ORB shutdown thread hangs 10604 Wrong encoding for special characters (Swedish language) 10702 Decompression Ratio Support  Map the Spring Boot application's context root to the application's welcome page (index) Unfriendly user error message displayed and user is blocked from signing in to their application when their liberty session expires H2 Synchronization problem with tests that are sending duplicate frames H2 intermittent error when upgrade fails For a batch job with partitioned step, the PartitionReducer's afterPartitionedStepCompletion gets ROLLBACK on normal completion. Handling logging out of mp jwt flow introduces an error  Cannot distinguish opaque token that contains two dots from JWT Resource adapters might fail to start with Bean Validation 1.1 and CDI 1.2 enabled. Unresolved module com.ibm.ws.rest.handler.validator.jca javax.servlet.ServletRequest.getParameterValues returns null in Jaxrs applications 10006 service.ranking can be removed from com.ibm.ws.persistence defaultInstances.xml 10030 H2 connection error causes server timeout 10144 Add additional support for range attributes on Active Directory Ldap searches 10165 Fault Tolerance messages not output 10178 Resource leak when installing features through Gradle on Windows 10215 CXF cannot process a gzip encoded SOAP response 10228 Rest Client for MicroProfile loses entity on POST requests with status code 202 response Remove obsolete com.ibm.ws.webcontainer.channelwritetype from Liberty's metadata and web container properties LDAP registry returns error code 21 when updating boolean values Opentracing can cause jaxrs exceptions to not be logged NullPointerException when using dynamic filter to add mapping for servlet name HTTP/2 malformed requests should cause stream reset FFDC when Exception thrown by user code proxied using ContextService Test Failure: junit.framework.TestSuite.com.ibm.ws.cdi12.fat.tests.SessionDestroyTests Relax criteria for calling out an FFDC when dealing with the Selector logic NPE in the SIP Container when a Digest challenge does not contain the `algorithm` field Unable to load LibertySSLSocketFactory during transaction recovery Class transformers can fail if a class is loaded from the shared classes cache Non english characters in logoutRedirectUrl of oauthProvider results in incorrect redirection JNDI literals parsing too verbose PH18715 java.lang.StringIndexOutOfBoundsException exception in com.ibm.ws.zos.registration.internal.ProductManager.start Security PH18751 Exceptions when using keystore ID="defaultkeystore" after upgrading to fix pack 19.0.0.9 on z/OS PH29291 NullPointerException might be thrown during EJB invocation on 19.0.0.9 Runnable JAR execution fails when WLP_USER_DIR env var is set to "other" location with CWWKE0005E Pull in MyFaces 2.3.4 TAI negotiateValidateandEstablishTrust called twice during authentication. 7234-TRACENPE COMMIT1 Confidential for Security Integrity fix CVE-2014-3603 jwkRetriever should not require an sslSocketFactory if using http federatedRegistry-1.0 group membership may use a repository that does not participate in the realm ServletCacheEngine ignore cache for App using default context root Remove additional ; in WebApp.java Update Commons BeanUtils to 1.9.4 Header Key retrieval fix for case sensitivity correct certain JSP messages NullPointerException might be thrown when the security audit is enabled for ejb. IllegalStateException in JMX Connector RESTHandler from call to getWriter Add Apache HttpClient v3.1 library RACF SDBM LDAP registries may encounter OperationNotSupportedException Test Failure (20180702-1422): com.ibm.ws.jdbc.fat.v41.JDBC41Test.testTransactionTimeoutAbort Auto-features which depend on kernel features do not get installed Fix Intermittent NullPointerException on TCP trace during shutdown H2 Intermittent NPE in HttpOutputStreamImpl.flushHeaders() PH16611 Multiple vulnerabilities in HTTP/2 implementation used by WebSphere Application Server Liberty Intelligent Management Component PH16337 Liberty OIDC is not working with dynamic routing plug-in Liberty z/OS PH14100 Out of storage condition caused by a leak in LSCL causing rc12 Reason Code 24 from BBOA1CNG PH16940 Liberty servers abend with an ABENDSEC3 RSN=20000800 when a Liberty server is shutdown using force or similar Security PH15518 Multiple vulnerabilities in WebSphere Application Server Liberty (CVE-2019-4304, CVE-2019-4305) WebSphere Compute Grid PH13367 Job Partitions reported failing due to a deadlock on Java Batch Job Repository tables WMQ messaging providers PH13286 Provide mechanism to disable 1PC optimization Federation of a custom UserRegistry (CUR) results in different behavior than when stand-alone export jsf-2.3 impl classes as third-party export jsf-2.2 impl classes as third-party Case TS001514963: requestTiming does not show all SQL queries OIDC RP does notHTTP Auth header as containing a valid OIDC id_token CWIML0514W occurs using uppercase group DN on getGroups Failure to parse multiple comma separated links in an HTTP Link header on a Jaxrs Response object GA Fault Tolerance - Metrics 2.0 integration When JACC is enabled, annotated role mapping is not enforced properly. OperationNotSupportedException: [LDAP: error code 53 - R000128 Filter is not supported (sdbm_search:1413)] requestTiming-1.0 feature does not work in OpenLiberty JSF File Descriptor leak in DefaultFaceletFactory Erroneous CWWKL0058W warning when multiple JARs in library have META-INF/services Web Admin Security Updates Terminate misbehaving HTTP/2 connections PH15089 A login might be required for unprotected resources when none of TAIs processed a request Sessions and Session Management PH13932 "Using collection QEJBASSN for session persistence." is always output with startup of Liberty servers Virtual Member Manager (VMM) PH14786 Using non ASCII characters (ex. Chinese) in an SCIM filter fails Web Container PH14619 ServletContext.getRealPath() should not return null for nonexistent files Adding mpConfig-1.3 feature while the server is running does not install the configuration feature properly OIDC discovery endpoint does not emit the revocation endpoint Eclipselink: Fix bug 547173 WSOC: fix a read during close timing window. login process is carried out for unprotected resources even TAI does not intercepts a request Loose application with MP Health not picking up changes after recompile - GM 19.0.0.7 Error on edit for OAuth client with no secret openidconnect emits httpclient spurious log warnings for certain cookies Liberty 19.0.0.7 Blocks *all* Large Object API functions for Postgres Add doPrivileged block in WASInitialContextFactoryBuilder for class look up content-length header should not be required for HTTP/2 requests Channel framework chains not closing down before timeout 8458 - Loop until cfw chain is closed PushBuilder should ignore headers with null values URBridgeEntity uses NLS message key, REQUIRED_IDENTIFIERS_MISSING, which is not defined PH13649 Invalid command line optional parameter (--hostName) with "collective help addReplica" Virtual Member Manager (VMM) PH13757 SCIM 1.0 returns HTTP 404 return code for user search Federated Repositories LoginBridge does not handle output property mappings that are multi-valued JPAContainer incorrectly sets App Classloader as the CCL Scrub error response for unwanted characters IllegalArgumentException in MP Metrics from timing issue WSLogManager static fields not properly initialized in jdk7 Fix NPE in WebAppSecurityCollaboratorImpl when invoking web resource using custom HTTP method socialLogin needs to produce choice menu with one provider and localAuth enabled WASReqURL cookie path is not set when the context root of an application is set to root When Auditing function is enabled, it is potential that SRVE0777E error is logged Memory leak when stopping applications NullPointerException in UniqueNameHelper.getValidDN After updating to 19.0.0.4, SESN0008E errors started occurring PH13269 Delay ALPN init until required and free ALPN resources on connection errors to prevent OutOfMemory Liberty Debug and Tracing PH11759 Performance drops when writing a large amount of log entries to Liberty console log Liberty z/OS PH12644 Keys are not stored in ICSF with triple-length PCICC format Security PH07530 A NullPointerException is thrown during SAFKeyRingNotificationMbeanImpl initialization Web Services Security PH11031 OAuth runtime emits error when adding EXTENDEDFIELDS column many times Avoid inferring caller in LogRecord.getSourceClassName and getSourceMethodName when processing System.out calls Investigate possible difference in values between Prometheus and JSON format metrics EclipseLink: Deliver Bug #421056 pt2 Session time based write option not honor small time interval java.sql.Connection's network timeout not getting set to the correct value Timing issue between deleted configuration and configuration store PH08972 Liberty on z/OS message CWWKS2934E issued during initialization is confusing when it does not reflect final status Systems Management Functions PH11844 Joining a member to a back level controller fails when the collective uses a collective-wide ssh key Ability to extend the size of the log buffer beyond 8k on WebSphere Application Server Liberty Profile Building .tar.gz server package fails on Windows redirectcontextroot=true and redirected secure page causes null remoteIp "proxies" Default Regex Adjustment Better handle private headers during message deserialization NullPointerException in MethodAttribUtils.getXMLCMCLockAccessTimeout NullPointerException in AppDefinedResourceFactory NPE in LTPAConfigurationImpl.loadConfig PH06340 Potential denial of service vulnerability in WebSphere Application Server (CVE-2019-4046) Security PI91146 Liberty runs unnecessary authentication logic when TAI is configured LdapConnection getAttributesByUniqueName() throws EntityNotFoundException for existing user Initial requests with custom method (including PATCH) fail with HTTP/2 JAX-RS 2.1 Performance Redirect Scheme and Port Mismatch Externalize ThrowIOEForInboundConnections httpOptions mpFT 2.0: Circuit Breaker metrics updated incorrectly when non-failure exception thrown Outbound SSL Connection IOException FT 2.0: Circuit breaker does not correctly restrict executions when in half-open state Using Automatic WorkQueue for Async JAX-RS responses Improve BNF Header Storage inherited templated transient views raising "unable to create views" exceptions Test Failure: EEConcurrencySpecTest.testListenerInvokeAnyWithTimeout Future.get interrupted during taskDone with CWWKC1120E getManagedConnection: illegal state exception. State = STATE_INACTIVE after abort due to transaction timeout Problems with resolution of environment variables PH08872 The servletRequeset.getContextPath() might return a different context path when using with OIDC client application. Web Services (JAX-WS, JAX-RS) PH09634 The policy-attachments-server.xml file under WEB-INF is not processed Web Services Security PH09651 OpenID Connect client authzParameter and tokenParameter values not updated when dynamically removed from server configuration DefaultExtensionProcessor file.not.found message does not contain default message that takes a parameter ApplicationManager startTimeout blocks startup when app is missing Fix Java 2 Security issues with JSPs Apply "useAuthenticationDataForUnprotectedResource" to jwtSso cookie jsonp-1.1 API dependencies incorrect ClassCastException when using binaryLog with --monitor JAX-RS request context modified after client request Filter out embedded server dependencies for Spring Boot 2.1.x Test Failure (20190101-0221): com.ibm.ws.kernel.boot.ServerStartAsServiceTest.testWinServiceLifeCycle Generic types are lost in MP Rest Client and JAX-RS clients due to bug in JsonBProvider Stack overflow scheduling new ManagedScheduledExecutor task from task Application exceptions should not be wrapped in EJBException Command line variables are not working on windows ClassNotFoundException thrown during sessionPostInvoke ServletRequest.getContextPath() might return wrong value when OIDC app is in used Externalize maxOpenConnections tcpOptions Using slash slash comment in JSP expression spanning lines can get JSP error JSP slash slash comment fix Custom JAX-RS ParamConverter does not work for collection and array types Using slash slash comment in JSP expression spanning lines can get JSP error, Java7 compatible Loading classes from multi-release jars does not work HTTP request header "If-Modified-Since" parsing fails with IllegalArgumentException if default Locale is not US Automatic EJB Timer creation skipped if database tables do not exist WebContainer: make code more service deactivate aware ClassNotFoundException during JSF initialization Tolerate missing ps PH07896 Liberty server start hangs on "CWWKZ0018I: Starting application" when thread pool max size is set Liberty z/OS PH08209 Add support for CICS 5.5 for WebSphere Optimized Local Adapters PH08497 Message ICH408I is not generated when user lacks access to profile prefix in appl class PH08753 Ship assembler DSECT that maps SMF 120 subtype 11 z/OS connect user data Security PH08030 Changes needed in the SAFAuthorizationService API Virtual Member Manager (VMM) PH08428 NullPointerException is thrown when creating a SCIM user with missing name Web Services Security PH06141 Multipart/related SOAP part Content-Type issue The federatedRepositry-->primaryRealm-->defaultParents element should support multiple occurences in the server.xml Auto plugin generation is inconsistent with OSGI applications Incomplete SRVE0279E message JAX-RS clearing RuntimeContext for server side message when resource invokes a client Add default value to the remoteIp "proxies" attribute in the metatype.xml of the HTTP Channel Update WebContainer.getCacheManager() to avoid NullPointerException Invalid archive files no longer prevent apps from starting Fix 500 error when servletPath is NULL Handle exception on call to connection.abort WLP 18.0.0.4 fails to rotate trace log on Windows Fix for connection wait timeout message not being translated. Connection wait time does not dynamically change to 0 showPoolContents waiting connection requests value is incorrect Test Failure (20190203-0423): PolicyExecutorTest.testConcurrentUpdateMaxWaitForEnqueue Redundant log file in workarea after sever start with errror: java.lang.IllegalArgumentException: The property 'osgi.configuration.area' ... is being overriden ... SSL Channel throws NullPointerException during stress Remove internal designation/updates for servletPathForDefaultMapping/make servlet-4.0 default / tests 3645 sync user during login Modify default ldapRegistry-3.0 read timeout to be 1 minute AppClassLoader does not correctly handle null response from ClassFileTransformers CWWKS9582E: The [defaultSSLConfig] sslRef attributes required by the orb element with the defaultOrb ID have not been resolved within 10 seconds. H2: Separate Continuation Frame Checking Between Read And Write ConcurrentModificationException happens when a web application receives a large number of requests immediately after it starts. DataSourceDefinition, ConnectionFactoryDefinition, and AdministeredObject properties should not be path normalized trackLoggedOutSSOCookies setting causing multiple login failure ConcurrentModificationException from ReferenceContext starting web application 5785-orbssltimeout2-commit1 JarFiles never released by JSF Fix Open Liberty Windows Service name in server.bat PollingDynamicConfig tasks can be leaked Hot update broken in 18.0.0.4 Invalid connection pool Prometheus metric format (monitor, mpMetrics) OL 18.0.0.4 server package does not package loose application as war Pull MYFACES-4251 to JSF 2.3 Trace Specification logging level "off" does not work NamingException masked when listing entries in a JNDI context PH04137 Updating WebSphere Liberty for z/OS to fix pack 18.0.0.3 fails with NullPointerException JavaServer Pages (JSP) PH02063 Potential security bypass in WebSphere Application Server with Expression Language library (CVE-2014-7810) Liberty z/OS PH02955 Unable to use SAF Keyring for collective SSH communication PH03549 When the zosWlm-1.0 feature is enabled. the health indicator of the server is only ever set to 2 percent PH03768 EntryNotFoundException SAFGRP is not a valid group PH04243 EC3 abend reason code 20F00600 occurs after a 422 abend PH04282 Error authenticating when Liberty server tries to connect to a back-level angel process PH05100 OutOfMemory failure in Liberty under CICS when connected to an angel process Messaging Providers PH00027 After migrating to WebSphere Application Server V9, the CWSID0046E error is seen in the logs Systems Management Functions PH03232 Incorrect server state reported in a multicontroller collective Virtual Member Manager (VMM) PH02811 Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1901) PH04136 Attempt to create user in SCIM returns 500 HTTP status code with DefaultParentNotFoundException message PH04147 Attempt to update user ID in SCIM returns 500 HTTP status code with IllegalArgumentException message Web Services (JAX-WS, JAX-RS) PH02234 Issue when processing the caller token for UsernameToken PH03014 A property is set in the RequestContext but the interceptor does not read this property resulting in a NullPointerException Web Services Security PH03004 CWWKS1721E: The resource server received an error it was attempting to validate the access token z/OS Connect EE PH05414 OpenIdConnect client subject might not contain Id Token WebSphere Compute Grid PI87244 Firewall prevents the Liberty Java batch tool from displaying job logs PH00738 Session scoped beans are not updated in the database when liberty is configured to only persist updated session attributes ArrayIndexOutOfBounds in LdapConfigManager.setFilters() Future does not return immediately when timeout fires when using timeout with Async full tmp dir prevents server from reading server.env during startup Pull in MyFaces 2.3.2 once released Migration of JMS delivery delay. Need to fix first line of output from Liberty JSON log format to actually be JSON LogRecordContext API is missing from /wlp/dev/api/ibm jars Expose a couple of packages to the thread-context in jsf-2.3 Fix BundleContext is no longer valid error on server shutdown Provision compatible javax.annotations API for SpringBoot applications Allow CXF-specific client properties for the JAX-RS 2.X Client APIs H2: fix some HTTP/2 code and test issues uncovered by further parallel stream stress testing Fix missing doPriv in unwrap JSR375: When JASPIC is enabled, a login panel pops up even EVERYONE role is assigned Externalize multiple httpOptions Faces servlet mappings defined in web-fragment.xml do not work - jsf-2.2 Add a recursion counter for messagehandlers into BaseTraceService NullPointerException in ClassLoadingServiceImpl SpringBoot applications fail to start when a non jar file is in the library directory

Fix NPE in servlet service which may happen when WebSocket is used

Test Failure (Liberty - Mac EBC - 20180915-0112): PolicyExecutorTest.testStartTimeout HTTP/2 engine must tolerate priority frames received in any state and better handle flow control problems update openidconnect client way of sending credentials to userinfo endpoint Flush queued actions when an app is removed /metrics output got truncated on Japanese locale MYFACES-4252 Classpath._searchDir can throw NullPointerException Fix Java 2 Security access issue in kernel DefaultFileStreamFactory Deadlock in ZipFileArtifactNotifierImpl H2: Fix race condition in multi-stream writing logic Improve our serviceability around page search and chasing referrals for Ldap MP Rest Client does not honor MP Config-specified providers Occasional HTTP/2 MessageSentException: Message already sent SSL config not used by RestClient JAX-RS Client does not pool HTTPS connections Fix bug in server package server-root command JMSContextInjectionBean uses deprecated CDI method Microprofile appProperties element not showing up in schema Pull MYFACES-4260 to both jsf-2.2 and jsf-2.3 features release bug: implement PH02361 in development stream When using advanced connection manager property numConnectionsPerThreadLocal and connection fail during cleanup, the connection managers connection pool may fail to remove failing connections resulting in no connections being available. Deliver fix for CVE-2014-7810 OpenId Connect clients might exhibit a thread leak MessageSentException intermittently during flushBuffers EJB timer ScheduleExpression serialization incompatibility Failed to createMinimumEscapeHandler for unknown jaxb class Expose jsf 2.3 org.apache.myfaces.push.cdi to thread context class loader Fix --include default to have /usr for server and shared folder Too many threads during low-load operation CWWKS1739E error may occur when using OpenID Connect in 18.0.0.3 PH00926 Collective repository dump should include non-sensitive host and jmx auth information to help diagnose issues Virtual Member Manager (VMM) PH00881 SCIM does not return paged results for requests that do not include the 'count' parameter PH01668 SCIM incorrectly returns 500 on MaxSearchResultsExceeded PH01863 SCIM updates to users can result in attributes being marked for deletion that were not designated for deletion by the request PI99257 Requests to SCIM to retrieve a resource by ID that do not include an ID result in an 500 HTTP status code PI99317 Request to SCIM "groups/{ID}" endpoint specifying "members" attribute does not return the group members Web Container PH00448 A CWWKE0702E message is printed when the webCache-1.0 feature is enabled Web Services (JAX-WS, JAX-RS) PH00401 Potential man-in-the-middle attack in WebSphere Application Server Liberty for JAXWS(CVE-2018-8039) PH01221 Potential man-in-the-middle attack in WebSphere Application Server for JAXRS (CVE-2018-8039) Web Services Security PH12959 basicRegistry-1.0's 'ignoreCaseForAuthentication' attribute does not apply to getUsers(...) method Add global error when user registry is not found Incorrect CWWKZ0022W messages printed with VirtualHost Usage Quiesce should not be blocked by application start Liberty 18.0.0.1 startup issues with Arabic locale Make RC consistent for starting liberty as a Windows Service Server failure before framework startup can leave JVM running Need to squelch "Could not obtain lock" errors appropriately Need to improve config dropins processing In 18.0.0.2 an IllegalArgumentException can occur when "maxParamPerRequest="-1" Java 2 security issue in org.apache.cxf.transport.https.HttpsURLConnectionFactory Add global error when user registry is not found When a thread is interrupted waiting for a connection from the connection manager, maximum connections will be decremented. NPE in JAXRS client when OpenTracing is included Spring boot application deployment in Liberty throwing Class cast exception PageControl's 'startIndex' is not honored when 'size' is greater than results Add doPrivileged code for InetAddress related activity in messaging Add doPrivileged code for InetAddress related activity in IIOP ConcurrentModificationException when a JAXRS API has multiple consume and/or produce MediaTypes Fix server hang issue when bootstrap.properties variable is incorrectly specified Format problem with logs when traceFilename=stdout and traceFormat=ENHANCED / BASIC NonPersistent EJB timer dying if timeout throws exception on last retry RejectedExecutionException: Trigger.getNextRunTime: null creating EJB timer SSL Closing handshake improvement Install kernel does not throw exception if already installed features are specified again with a different capitalization Install kernel map installs features without wlp/bin and wlp/dev contents ManagedScheduledExecutor tries to run tasks during server shutdown Injection race condition in JAX-RS during startup Maven features should provide transitive dependencies for stable API, third-party API PersonAccount's and Group's get(String), isSet(String), and unset(String) methods may throw NullPointerExceptions Correct getServletPath for default mapping release bug: mpjwt JsonWebToken.getAudience() return type noncompliant with spec when no audiences present. Update Yoko to favour CSI endpoints PI99031 Garbage collection events not captured by logstashCollector-1.0 for IBM Java 8 SR 5 FP 6 and above Intelligent Management Component PI92330 CWWKS2910 error when using dynamic routing in Liberty on z/OS with SAF security Java Persistence API (JPA) PI92847 JPQL with trim is not handledProperly and it results in DatabaseException PI93064 EclipseLink throws ORA-00932 for CLOB fields in an ElementCollection PI94027 EclipseLink JPQL generation for nested arrays with 'in' expression PI95283 EclipseLink InsertObjectQuery concurrency failure PI95766 db representation of boolean values withPostgres is incorrect PI98574 If Liberty Admin Center was accessed via reverseProxy,the Liberty server made an unnecessary request back to theProxy server Liberty z/OS PI82554 WebSphere Liberty AngelProcess does not identify its version and fix pack level during start-up PI90719 Command line script to detect if commandPort is enabled, for use duringPause/resume request PI93922 SMF120-11 timeused and starttime is only set for a forwarded servlet PI95864 Specifying an angel name of "" for the server does not register server to default angelProcess PI96813 It is difficult to automate WebSphere Liberty from messages on the z/OS console PI96954 Liberty on z/OS memory leak in 64bitPrivate due to native DirectByteBuffer support PI97611 ABEND0C1 in ntv_getAngelVersion with WebSphere Liberty version 18.0.0.1 Security PI89624 CWWKS4106E: LTPA configuration error in Liberty PI95717 suppressUncoveredHttpMethodWarning configuration does not work PI96014 Authfilter in Liberty not matching when multiplePaths are defined PI96597 There is an issue with the cache Systems Management Functions PI95994 Deploying docker container as liberty collective member failed with error "already appears to be a member." PI97924 Improve the error handling of a Collective join command using sshPrivateKey option Virtual Member Manager (VMM) PI96814 SCIM returns HTTP status code 500 whenPassed an invalid filter Web Container PI93226 SRVE0266E : Error occured while initializing servlets:java.util.ConcurrentModificationException Web Services (JAX-WS, JAX-RS) PI97288 Attachments behavior change in Liberty after migrating from tWAS Web Services Security PI94599 Intermittent NPE in SocialLogin feature when a running server is reconfigured PI96012 Client authentication JWTS require "sub" claim PI96884 Information disclosure in WebSphere Application Server Liberty (CVE-2018-1553) WebSphere Compute Grid PI90716 Liberty z/OS CWWKY0035I: An exception occurred while trying toPersist job java.lang.IllegalStateException: no match found PI90961 Liberty on z/OS: Batch JMS dispatcher change to lazy access of connection factory PI93514 JobPurge request deletes the batch db records even when the executor JVM is stopped PI98247 After batch events config change,atchManagerZos hangs waiting for job completion; batch job log events notPublished correctly PI98295 The dispatch (JMS) message for a stopped job can, if later consumed, cause a later restart execution of that job to fail. PI99138 Repeated delivery of Batch job dispatch JMS message resulting in ClassCastException each time LDAP registry with global class mapping in groupMemberIdMap adds "objectclass=*" to Group searches On restart of a Java Batch job, deserialization fails when checkpoint objects contain array type fields JSP engine unable to find tag files within loose JAR file Send and receive Strings in SIB messages using strict UTF8 In 18.0.0.1, the minify option is not making the runnable JAR package any smaller Access Log "maxFiles" attribute not working as intended with value of 0 Kernel Service MBeans not properly exposed Federated repositories does not restrict the names of extended properties Package `com.ibm.websphere.kernel.server` is not exposed as IBM-API Default app classloader ProtectionDomain set by common libraries AsyncIO native direct ByteBuffer leak Avoid full deserialization within ObjectMessage.toString() NullPointerException from EJSContainer.postInvoke() method Close streams for repositories represented by a single JSON file Add mapping of all JSP files in web module into the generated_web.xml Test Failure (20180420-0319): LoadTest.testCommitAndRollback RuntimePermission denied for WSJdbcTracer invoking newProxyInstance ldapRegistry-3.0 does not configure a read timeout for JNDI connections PI96086 - Nested EJB Async method calls not honoring nested get(timeout, unit) timeouts suppressUncoveredHttpMethodWarning does not work Redeploying WABs leads to OutOfMemoryError JAXRSClientImpl.target(UriBuilder) fails with IllegalArgumentException when client built with input containing a template variable Batch runtime should only transition to InstanceState.JMS_CONSUMED from JMS_QUEUED state. java.sql.SQLFeatureNotSupportedException: Method org.postgresql.jdbc.PgPreparedStatement.getLargeUpdateCount is not yet implemented. Failure to load JPA PersistenceServiceUnit used by Batch feature using V2 version of JobInstance entity. Connection leak if failure occurs while managed connection is being constructed Update EclipseLink binaries from 2.6.6.WAS-3e5c71a to 2.6.6.WAS-0ab4033 Security exceptions thrown when trying to use IIOP with Java 2 security JAX-RS Client APIs fail when attempting PATCH method over HTTPS on IBM JDK Validate paths within WAR files PI93411 Saving changes to member's configuration files via Admin Center's Server Config tool get applied to the controller instead Liberty Kernel PI94763 Fileupload causes NullPointerException on getHeader() call PI94116 Open Liberty rollup for 18.0.0.1 Liberty OSGi Application PI88291 Slow start of the web services and error during the startup of the services Liberty System Management PI92311 Memory leak in liberty swagger library during application stop/start Liberty z/OS PI91275 Add an informational message to WebSphere Application Server Liberty on z/OS logs to indicate which angel process is used PI91511 SMF 120-11 UserData added from a filter does not show up in the final SMF record PI92070 WebSphere Application Server Liberty on z/OS WOLA CICS link server fixes for RTXSYS and RTX parameters PI92171 An intermittent performance degradation is observed with CICS v5.4 and Liberty 17.0.0.3 compared to Liberty 17.0.0.1 PI92868 WebSphere Application Server Liberty on z/OS crash in CICS BBOATRUE during shutdown when embedded Liberty servers are at a mix of 16.0.0.3 and 17.0.0.3 Security PI86784 Enable the function of enforcing URL hostname verification as an attribute on the ssl element of server.xml PI90980 Potential spoofing vulnerability in WebSphere Application Server (CVE-2017-1788) PI91500 GetUserPrincipal().getName() returns garbled user ID on 17.0.0.3 PI92764 Message CWWKS3005E issued when a Federated repository is configured PI94094 SAF API doc missing from Javadoc package in Liberty Sessions PI93474 Remove SessionManager instance when application is stopped Systems Management Functions PI92781 A Liberty collective controller sometimes logs a NullPointerException PI92828 Liberty collective intelligent management features may fail to function correctly intermittently Web Container PI90804 Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031) PI92334 Application class loader is not set correctly in a thread during an async operation Web Services (JAX-WS, JAX-RS) PI92494 Potential denial of Service in WebSphere Application Server Liberty for JAXWS(CVE-2017-12624) PI89936 Vulnerability in Apache Commons affects EJB Embeddable Container and JPA Client (CVE-2015-7450) General PI80333 Support CPU constraints in ProductInsights PI82233 Non-daemon threads are created with remote EJB using the IIOP transport PI82510 Liberty appserver automatically decompresses the bodies of incoming http-soap messages PI82557 TCP Channel access lists not documented PI84016 OpenJPA orm.xml default schema used over 'openjpa.jdbc.Schema' property PI84349 Liberty Oauth 2.0 may encounter a SQL syntax error for the option "LIMIT" during cleanup PI84428 ArrayIndexOutOfBoundsException from OpenJPA for query on EmbeddedId PI85402 EclipseLink does not recognize Java 9 platform PI86208 Cannot decode IOR due to ClassCastException PI86321 Liberty OpenID Connect Relying Party does not handle large id_tokens in implicit logins PI86840 Eclipselink generates sequence IDs incorrectly for @EmbeddedId classes that are shared across multiple entities PI86914 Correct mapper is not chosen due to the order and when mapper classes are represented by proxy object due to injection PI87557 Null pointer exception when TAI returns NULL TAIResult PI87565 OutOfMemory issues from webcontainer component WebComponentMetaDataImpl PI88051 Application reload when a JSP file under WEB-INF is updated PI88485 The groupProperties membershipAttribute does not work when filters exist PI88618 CWPMI0010W was found in the messages.log PI88620 Performance degredation when federating SAF registry PI89003 Help tet for the BatchManager listJobs command is unclear PI89041 FFDC java.lang.IllegalStateException: Module has been uninstalled. occurs when dynamically configuring Liberty PI89278 Incorrect value of FreeConnectionCount PI89446 Product Insights throws NullPointerException PI89584 Certain early startup and product script messages are not properly translated into non-English languages PI89672 OutOfMemoryError in ArrayList containing objects of type com.ibm.ws.logging.internal.impl.IntrospectionLevelMember PI90013 30 second delays for remote EJB when running as a collective member PI90154 BluemixUtility fails to create/delete instances of Watson Discovery service PI90282 CWWKB015E IWMEJOIN return code 2,135 during servlet read listener PI90699 ProductInsights errors after resuming from 'sleep' state Java Persistence API (JPA) PI80863 Issue with the way OpenJPA caches and reuses query parameters for BETWEEN expressions when OpenJPA's QueryCache property enabled PI81260 OpenJPA does not pass-through SSL connection properties that set using openjpa.ConnectionProperties when creating Db2 connection JavaServer MyFaces (JSF) Apache MyFaces implementation PI88288 jsf-2.0 MyFaces error handling cannot be enabled in production project stage PI88850 High CPU issues from org/apache/myfaces/ PI89168 Protected-view not working in Liberty 16.0.0.4 PI89363 ProtectedViewException for a protectedview access while checking the OriginJeader for appContextpath PI90507 Instances of action listener in a FaceLet are not being removed until app shutdown PI90509 Fix for MYFACES-3752 Liberty Application Services PI69483 Removing IBM-App-ForceRestart header causes applications not restarted Liberty Kernel PI90930 Open Liberty Rollup for 17.0.0.4 Liberty z/OS PI86596 Removal of possibly misleading FFDC z/OS liberty Async Servlet support PI90060 Messages occurring very early at startup are not printed to the MVS console when requested in the zosLogging configuration PI90429 When starting a Liberty server as a started task on z/OS from the server script there is no option to specify a job name Performance Monitoring Tools PI81367 java.lang.ClassNotFoundException dumped in the FFCD log file when PMI monitor feature is enabled PI87599 ConnectionPoolStats MBean was not available if enabled the trace with com.ibm.websphere.monitor.*=all Security PI88769 Liberty 17.0.0.2 is throwing ClassCastException when calling ibm_security_logout with Extreme Scale feature enabled Session Initiation Protocol (SIP) Container PI78794 The SIP Container fails to parse a message when the size exceeds 2048 bytes and double CRLF is sent before the message PI79119 With number.of.parse.errors.allowed set to -1 WebSphere drops well formed requests Systems Management Functions PI81552 Application state becomes stale at the Liberty collective controller PI83274 Incorrect collective member status shown in Admin Center PI88296 Password protected ssh keys cannot be used for remote host authentication Web Services Security PI84359 OIDC WASReqURLOidcp cookie constantly grow when LTPA token expired PI89103 OpenSAML used by WebSphere Liberty contains XML external entity (XXE) vulnerability (CVE-2013-6440) PI89575 LTPA cookie is not created in certain single sign-on scenarios WebSphere Compute Grid PI88583 In WebSphere Liberty 17.0.0.x Java batch executor fails with CWWKS0800E error PI78552 DYNA1064E is logged on some dynacache APIs when the underlying cacheprovider does not support disk caching EJB Container PI87472 EJB remote injection fails with NPE if ORB not yet available Federated Repositories PI05723 Handle long data type from VMM for extended properties PI79440 NullPointerException in URBridgeXPathHelper.getExpression() PI79452 NPE in LdapConfigManager.getSupportedProperties() PI81497 When one base DN is the subset of another in a federated repository, LDAP failures occur PM95697 LDAP contexts getting leaked after first connection exception General PI77400 BBOA1INV Fails with RC = 8 RSN = 44, FFDC invalid group name returned PI80363 Allow configurable maxFieldLength in the logstashCollector PI80397 Remote EJB call with the same object in multiple arguments fails PI80932 WSCredTokenCallbackImpl class is not visible to applications PI81056 Liberty server needs to retry starting the TCP channel after error CWWKO0224E due to hostname resolution error PI81124 Closing websocket session throws NullPointerException PI82101 Task retry not immediate after XAResource rollback PI82109 Provide support for CICS 5.4 in WebSphere Optimized local Adapters PI82218 JAX-RSResponses contain unnecessary Cxf-Content-Language header PI82296 AsyncContext.comple() fails when called from a readListener PI82327 java.lang.RuntimePermission error when destroying an upgradeHandler PI82364 For JAX-RS 2.0, a request may fail with a 404 because a resource class was incorrectly indicated as not found PI82556 AppSecurity-2.0 does not include trustAssociation in Liberty PI82672 productInsights does not register embedded WebSphere PI82684 During server shutdown, if ProductInsights is trying to complete its first registration it may not cancel all of its tasks PI82994 filenotificationmbean may not notify the listener PI83111 Monitor function of AdminCenter does not display the correct value of "used connections" PI83159 JAX-RS resource methods report as not found when using scientific notation as path parameters PI83439 ClassCastException thrown when using remote EJBs in servlet with parent-last classloading PI83516 Using reference-listener along with service factory causes TransactionManager errors PI83682 ProductInsights not reporting used JVM memory correctly PI83713 Path template variables in JAXRS 2.0 do not support scientific notation PI83901 The context ClassLoader is not getting set properly when loading CDI extensions at app startup PI84036 JAX-RS Client must access endpoints via authenticating proxy PI84083 Usage data is not queued if connection to Bluemix Product Insights host fails PI84327 WebSphere Application Server Product Insights does not send in group name translations PI84487 Certificate login does not work with custom user registry on Liberty PI84842 The application's classloader is leaked when restarting the app PI85373 Open Liberty Rollup for 17.0.0.3 PI85490 Deadlock caused by WsLogManager and SIB trace code PI85492 Commit of HTTP response in render_response(6) PI85683 Register Windows service and start/stop service for Liberty fails if it is installed in directories names with a space PI85783 Accumulation of org.apache.cxf.transport.http.osgi.HTTPTransportActivator objects PI85910 OIDC does not recognize x5c tag in JWK PI86198 Inconsistent aliasing between --jobParameterFile and --jobPropertiesFile in the batchManager and batchManagerZos CLI PI86443 Use of the JAX-RS multipart media type results in a java.lang.ClassNotFoundException: javax.ws.rs.core.MediaType PI87119 NullPointerException caused by external port component configuration PI87467 CDI injection into JAX-RS classes is broken when using multiple apps and one app is not CDI-enabled PI87504 JAXRS server response does not contain a servlet exception when an unmapped checkedException occurs Install V8 and above PI88170 Block installUtility/featureManager install userFeature '--to=core' Java 2 Connectivity (J2C) PI82859 Incorrect value of connectionPoolstats PI86100 Intermittent sharing scope for data sources being created at the same time on two different threads PI87470 Unable to install resource adapter using loose configuration file Java Message Service (JMS) PI81329 NCSA access logs %B option output displays "-" instead of the size of the response in bytes PI81864 ConcurrentLinkedList tailsequencenumberlock garbage collected Java Persistence API (JPA) PI77555 Eclipselink scrollable cursor results in a ClassCastException PI80863 OpenJPA caches and reuses the query parameters for BETWEEN expressions when OpenJPA's query cache is enabled PI81260 OpenJPA does not honor SSL connection properties for DB2 Java SDK PI85250 Hung thread issue in myfaces _getMetadataTarget PI86494 Messages returned from JSF APIS are in the incorrect order JavaServer MyFaces (JSF) Apache MyFaces implementation PI82893 JAVAX.FACES.INTERPRET_EMPTY_STRING_SUBMITTED_VALUES_AS_NULL value affects display behaviour for required fields PI87299 Information disclosure in Apache MyFaces affects WebSphere Application Server (CVE-2011-4343) PI87300 Information Disclosure in WebSphere Application Server in JSF (CVE-2017-1583) JavaServer Pages (JSP) PI82529 HTTP transport encoding CP943C is used for JSTL params PI83486 StackOverflowError generated due to the JSP TabLibraryCache recurses into loadWebInfMap with the value "/WEB-INF" Liberty Application Services PI87139 Configuration updates blocked by application restart PI87468 Schema lists invalid attributes for resource adapters and EJB applications Liberty Debug and Tracing PI83872 NullPointerException in MultipleCriteriaFilter when retrieving logs from Liberty binary log Liberty Kernel PI87138 Synchronization in ConcurrentServiceReferenceElement creates a performance bottleneck PI87471 Potential NullPointerException ServerXMLConfiguration.parseDirectoryFiles PI87480 AccessControlExceptions in Liberty kernel code Liberty System Management PI85828 Correcting algorithm for collective deployment using a local file Liberty z/OS PI78510 .pid directory created with wrong permission settings PI78787 WOLA ACEE copied from CICS invalid for TSS PI79017 z/OS connect cannot read request that came in with transfer-encoding=chunked PI79034 For products that embed Liberty, some bootstrap.properties do not take effect at server startup PI82088 Prevent Error loop when TDQ is unavailable for write PI83503 WebSphere Liberty servers with zOS connect failing to start with abend 0c4 in wolanativeutils.ntv_activatewolaregistration PI85520 Message CWWKO0229I is not issued when asynchronous I/O is configured Messaging Providers PI83027 Default threadpoolstats data cannot be retrieved due to InstanceNotFoundException Performance Monitoring Tools PI80861 The Japanese translated message for TRAS0115W is incorrect Security PI73345 Distributed identity mapping not working in Liberty z/OS PI84335 PasswordUtil API classes are not packaged in a separate PasswordUtil.jar file PI84597 Liberty z/OS trace includes unnecessary information Servlet Engine/Web Container PI81052 JSF portlets may not be able to obtain a session ID PI87466 ArrayIndexOutOfBoundsException is thrown when groupMemberIdMap inside ldapRegistry is empty Web Container PI83141 WebContainer performance issue when under high load Web Services (JAX-WS, JAX-RS) PI64462 NullPointerException in org.apache.cxf.jaxrs.impl.tl.ThreadLocalProviders.getContextResolver() PI86914 Correct Mapper is not chosen due to the order and when mapper classes are represented by proxy object due to injection Web Services Security PI62735 The groupId(s) get lost in id_token and introspection PI68809 WebSphere Application Server XML crypto libraries cause classloader conflict with Java XML crypto in certain scenarios PI78760 OIDC IDToken updates to the "sub" field do not take effect PI80166 OIDC provider does not recognize custom realmname from token PI80689 Database persistence for tokens might not function correctly when the backing database does not support CLOB data types PI80741 OpenID Connect (OIDC) cookie not fully removed PI80963 Refresh tokens are issued unconditionally even for clients that do not require them PI94351 Secure flag is not set on the Liberty WASOidcCode cookie WebSphere Compute Grid PI72923 CDI injection of Java batch jobcontext fails with npe in the absence of an active job on the current thread PI81200 StepListner.afterStep cannot catch an exception thrown by ItemProcessor.processItem PI84639 batchManagerZos not available after minified server is extracted PI86175 Prevent job start and restart of the same job from occurring simultaneously PI86193 Support message delay/priority for Liberty Java Batch PI80335 DSRA8020E Error is thrown when using IBM i Toolbox JDBC driver with WebSphere Liberty EJB Container PI77856 EJB 3.x Stub class throws RemoteException for communication failure PI79261 Deadlock with persistent EJB timers for Singleton beans General PI71956 CWWKE0108I is written to stdout PI74918 The umask values is not shown in the server logs PI75258 The CICS Link server abends when unable to write to a TS Queue PI75280 Attributes missing from the element httpOptions and throws warning message PI75512 Cleanup up websocket connection when outbound connection attempt fails at the app server PI75590 Corrections are needed to the documentation in the Knowledge Center PI77605 JAXRS Client APIs do not use configured SSL settings PI77615 JAXRS application start fails with ClassNotFoundException when JSPs are specified in web.xml PI77976 ConstraintViolationException when using @Valid annotation PI78177 When a websocket connection is closed while reading data an object leak might occur PI78260 Liberty jaxb-2.2 feature does not expose some xlxp2 packages PI78738 Loop while closing an SSL connection PI79260 ProductInsights reports incorrect product version and host name PI79275 JAX-RS 2.0 Client calls fail when ssl-1.0 feature is enabled without any SSL configuration. PI79391 ContainerRequestContext.hasEntity() returns true for a GET request. PI79987 Endpoint MBean information does not update when server.xml <httpEndpoint> is modified PI80082 JAX-RS 2.0 OPTIONS methods are not invoked when used in sub-resource locator classes PI80256 AccessControlException thrown when finding resources if Java 2 security is enabled PI80285 For JAX-RS 2.0, a request may fail with a 404 because a resource class was incorrectly indicated as not found PI80314 Support for product insights in embedded server PI80315 The productInsights-1.0 does not support BASE ILAN edition PI80514 A jndiEntry config element with a value of "0" is parsed as a java.lang.String but should be a java.lang.Integer PI80631 Access Log file and ELK time stamps are not the same PI80632 Messages with digits in prefix of message ID have a blank messageId field in logstashCollector PI80719 Websocket race condition on writing data while closing can hang a thread PI81082 java.lang.ClassFormatError: JVMCFRE074 no Code attribute specified; is thrown PI81086 NullPointerException thrown when using a JAX-RS provider class without a public constructor PI81396 Unable to register a liberty server with product insights though an authentication required proxy Intelligent Management Component PI80237 Null return codes for health actions cause NullPointerException Java 2 Connectivity (J2C) PI78463 After configuring a connection factory for CICS RAR, the server issues J2CA8501E PI80357 JMS connection factories defined through annotations can fail to allocate connections PI81549 When using SQLJ context caching, auto commit and/or transaction isolation level become inconsistent PI81717 The WaitTime provided by the ConnectionPoolStats MBean is in nanoseconds when it should be (and is documented) in milliseconds PI81840 Bean Validation 1.1 @DecimalMin and @DecimalMax constraints inclusive property not working Java Persistence API (JPA) PI76834 Unable to use DB2 XML data type with EclipseLink JPA; Null pointer produced PI76902 NoSuchMethodException when a program is using CONCAT function PI78643 Eclipselink JPA/Auditing capablity in EE Environment fails with JNDI name parameter type PI79397 org.omg.CORBA.BAD_OPERATION when running a select SQL statement PI81076 ServerSession numberOfNonPooledConnectionsUsed can become invalid when Exception is thrown connecting JavaServer MyFaces (JSF) Apache MyFaces implementation PI79562 Leading '/' in JSF context param-value throws StringIndexOutOfBoundsException PM76997 VMM certificate authentication fails when DN contains non-default X509Certificate attributes Web Container PI75166 TAI cannot obtain the SSL endpoint information using direct connection PI76699 Provide an option to override the default values for the ESI properties in the plugin-cfg.xml PI76891 Exception from com.ibm.ws.webcontainer.osgi.mbeans.PluginGenerator during server stop PI77629 NullPointerException if login is required to access a servlet which uses a ReadListener. PI78193 Returned default html error page has extra closing tags PI78633 Access control exception due to read permission of a property from Cookie class PI79334 Unexpected error when an application is initializing during server stop PI80313 Enable Post Data to be read multiple times. PI80668 ServletException when creating a servlet, filter or listener from a ServletContextListener with Java2Security enabled PI81688 Plugin config file generation fails after a configuration update is made to a Liberty server when it is running Web Services (JAX-WS, JAX-RS) PI77438 JAXB context creation is very slow in Liberty during Web service load test Web Services Security PI76629 Add authentication option to JWK endpoint invocation PI78760 OIDC IDToken updates to the "sub" field do not take effect PI80166 OIDC provider does not recognize custom realmname from token PI80689 Database persistence for tokens might not function correctly when the backing database does not support CLOB data types PI80741 OpenID Connect (OIDC) cookie not fully removed PI81403 An error may occur if the string representation of a subject includes an ID token that contains a claim with a non-string list WebSphere Compute Grid PI78436 Using batch injection in joblistener results in NullPointerException PI79686 Slow response when using batchpersistence in Liberty PI80634 When trying to stop an already completed job the error message does not return with the correct jobInstanceId PI80635 CDI implementation does not support batch artifact loading via batch.xml PI76168 After global transaction ends, the reported auto commit value can be inconsistent with the Oracle JDBC driver General PI68233 SSLSessionTimeout is not recognized as a valid attribute for sslOptions element PI71616 configUtility find or install throws a NoClassDefFoundError when using local repository PI73277 EclipseLink 2.6.3 does not support JPA-convertor for primitive data types PI74721 Errant timeout can occur with async sends in WebSockets PI75015 Memory leak in JAX-RS client. PI75022 Failure to parse a java.util.Date object when creating a new javax.ws.rs.ServiceUnavailableException. PI76688 Private lifecycle methods in JAX-RS resources are not invoked Java 2 Connectivity (J2C) PI60146 Connection sharing cannot be controlled in Liberty when using direct lookup PI71092 java.lang.UnsupportedOperationException when accessing a tested data source PI73350 Connection manager settings not honored PI74533 Setting an agedTimeout value of 0 on a connection manager results in J2CA8011E PI75426 Connection manager configuration intermittently ignored for application defined data source Java Persistence API (JPA) PI74104 EclipseLink might add unused table in generated query PI74284 The JPA Container calls EntityManager.clear() instead of EntityManager.close() on cleanup JavaServer Pages (JSP) PI72709 Asynchronous dispatch to a JSP file under the WEB-INF directory fails. PI73022 JSP comments containing "%>" might throw a StringIndexOutOfBoundsException. Liberty Application Services PI74321 After upgrade to 16.0.0.4. NamingException and ClassCastException occur on JNDI lookup on IBM i PI75284 Intermittent NullPointerException from ApplicationStateMachineImpl when trace enabled or logging information in response to a failure PI75389 OSGi Applications can take significantly longer to startup after upgrading Liberty PI76368 A class that is both Remote and Serializable is mis-categorized during marshalling Liberty Debug and Tracing PI62350 Some server startup and early messages are not collected by logstachCollector-1.0 feature. PI74051 Transaction trace lacks PropertyPermission to read system property "com.ibm.tx.tracer" PI74318 Incorrect message IDs appearing on dashboard when using the Bluemix log collector PI76200 Stack trace is not included in the message field of liberty_message type PI76620 Filter tags in logstashCollector & bluemixLogCollector to avoid tags with special characters displaying oddly on dashboard PI76621 New message IDs need to be assigned to a few existing TRAS messages. Liberty Kernel PI72686 Removing and adding a feature can result in a warning message about duplicate metatype definitions PI73807 Some Liberty message IDs conflict with traditional WebSphere Application Server PI74527 Error CWWKZ0404E can occur when starting an application on Liberty PI74586 Liberty server does not start if jvm.options file contains spaces, after upgrade to 16.0.0.4 PI74792 java.lang.NullPointerException when starting an .ear application with autoExpand="true" in server.xml PI76013 Resolution error for optional server config include should not create an exception PI76432 Exception could be thrown and logged during a server shutdown if listeners timeout during quiesce PI76607 Features that cannot be loaded because of Java version dependencies may still be reported as being loaded PI76755 Liberty metatype registry problem - metatype extension duration changed from LONG to STRING in 16.0.0.4 Liberty z/OS PI50828 WLM support is ignored when running z/OS Connect in async mode PI66375 SPI for MVS MODIFY command support is documented to be externally available, but in fact is not available PI72065 Loop in Liberty z/OS server when AsyncIO is enabled PI72566 ABEND0C4 at BBGZSCFM+377E occurs during client bind PI72776 When WLP_ZOS_PROCEDURE is set the foreground JVM uses the full set of JVM options PI73559 WOLA service BBOA1URG fails with RC=12 RSN=240. PI73752 Suppress FFDC for com.ibm.io.async.AsyncSocketChannel 453 PI74564 WebSocket-1.1 feature does not work in Liberty imbedded in CICS TS 5.3 PI74875 Liberty Server hang in termination after a hard failure on z/OS PI74878 WOLA feature not started for 16.0.0.4 server using a version 4 Angel PI76238 Message CWWKB0392W contains no message text in messages.log. Performance Monitoring Tools PI75368 Slow memory leak might lead to OutOfMemory in Liberty PI76212 Monitor capability breaks when different thread pool name is speicified other than "Dafault Executor". Security PI72135 An AccessControlException is issued when restoring the security context using the ContextService APIs PI72653 Web filters need to receive the AuthModule wrapped request or response when using JASPIC PI73266 AccessControlException issued even when permission was granted in the permissions.xml file PI76359 Process default SSL Setting not getting reset on a file update PI76408 The method signature for java.security.SecureRandom.nextBytes() is no longer synchronized. Session Initiation Protocol (SIP) Container PI76614 SIP Router is initialized more than once. PI76615 Order of OSGI bundle could cause a class not found exception. Systems Management Functions PI74526 A collective name sporadically changes between its given name and the default name PI75433 Liberty collective member status becomes stale at the controller. Web Container PI71999 XML transformer factory changed during server start PI72223 The pluginUtility displays an untranslated message when using the merge action to merge plugin-cfg.xml files in a directory. PI72514 Application start fails to add context root in Virtual Host map PI72710 Response committed on return from Forward even when async is started. PI74499 Server quiesce not cleaned properly when write during close of upgraded connection goes asynchronous. PI75475 The WebContainer 'enableMultiReadOfPostData' config property was visible but not implemented. PI75528 The maxRequestSize optional attribute for MultipartConfig is ignored. PI76195 When the plugin configuration is generated it may not have one of the ports PI76271 CORS does not handle requests with PATCH methods correctly PI76351 ServletRequest.getRequestURI() returns inconsistent results after AsyncContext.start(). PI76364 isFinished() could incorrectly return false in some scenarios Web Services (JAX-WS, JAX-RS) PI70234 Custom HTTP header blocks SOAPAction header PI76616 HTTP servlet requests could be matched to incorrect cross-origin resource sharing (CORS) configuration Web Services Security PI72558 OIDC client cookie is not removed after it is used WebSphere Compute Grid PI73040 Batch job log REST URLs are incorrect for a failed job execution PI73249 The ddlGen script may produce an empty file when run against a server with the Java Batch feature configured PI74813 When using the batchManagerZos 'status' and 'listJobs' commands, the usage of --instanceId and --jobInstanceId are not universal. PI74924 Job with Java batch COMPLETED status moves to STOPPING status after shutdown in executor. PI76622 Provide V2 and V3 versions of existing Batch REST APIs PI76632 Job executions REST API syntax is misleading PI76701 Java Batch purge command fails after a job execution did not initialize correctly PI76702 Java Batch jobs store JES job name and JES job ID with trailing spaces WMQ messaging providers PI61885 postCallWithException throws java.lang.IllegalStateException PI71691 BundleException happens when adding a feature to a running server causing a bundle to be reinstalled PI72136 Server startup fails with CWRLS0009E error due to failure in the transaction manager's recovery log service PI61450 Apache Wink does not remove quotes from the boundary value Content-type: multipart/mixed; boundary="simple boundary" PI71752 Plugging in an external cache provider does not work with the distributedMap-1.0 feature. EJB Container PI66621 ReferenceContextImpl caching empty list of targets for JSP classes PI67942 javax.servlet.HttpServletRequest.getRequestURI() might return a decoded value after dispatching PI69642 NullPointerException deleting stateful EJB General PI42673 Extra information in logs with Datasource custom properties PI67034 Access was denied for property org.apache.jasper.constants.jsp_servlet_base. PI67099 Provide option to add STS response header for HTTPs request PI68432 When user applications are using Websocket Decoders a slow memory leak can occur. PI69737 Errors are not logged when tasks submitted to managed executors fail PI70332 System property to enable SSL Channel timeoutValueInSSLClosingHandshake property PI71359 FFDC is produced for a NullPointerException in com.ibm.ws.tcpchannel.internal.SocketRWChannelSelector.updateSelector Install V8 and above PI68915 Default server.xml is incorrect PI69133 Disk space validator returns NullPointerException. Java 2 Connectivity (J2C) PI68163 MQJCA1011: Failed to allocate a JMS connection PI68257 Connection manager might remain active after transaction manager has been disabled. PI69122 J2C pretest being used despite FailingConnectionOnly option PI69887 FFDC logged for resource adapter config property with getter that is named with "is" rather than "get" PI69957 Destination ID erroneously used for JCA 1.7 destinationLookup instead of JNDI name. PI70224 The value of ConnectionHandleCount on the ConnectionPool MBean is not accurate when in use connections are destroyed PI71193 Illegal State Exception when transaction timeout occurs and abort is used Java Persistence API (JPA) PI65593 The database schema name cannot be configured with openjpa.jdbc.SchemaFactory PI66770 JPA returns incorrect results when using a native query and @SqlResultSetMapping PI67234 ServerPlatformException Server platform class is not valid: null occurs with JPA 2.1 PI67790 java.lang.ClassCastException using JPA PI68028 EclipseLink throws ValidationException when using nested embeddables with the same attribute name PI68805 Potential leak of org.apache.bval.cdi.BValExtension$Releasable objects when using JAX-RS, CDI 1.2, and Bean Validation 1.1. PI70680 Deployment of persistence unit fails with DescriptorException PI70841 OpenJPA's ConfigurationImpl.loadGlobals() has java.util.ConcurrentModificationException PI75607 javax.persistence.PessimisticLockException when javax.persistence.lock.timeout set to 0 PI75608 Add EclipseLink support for Java 2 Security JavaServer MyFaces (JSF) Apache MyFaces implementation PI67525 inputFile tag is not working properly on Liberty PI70441 FlowBuilderFactoryBean Concurrency Issue JavaServer Pages (JSP) PI67257 An escaped EL expression is being run if an escaped dollar sign precedes the former expression PI69028 Null CodeSource location for classes loaded by JSPExtensionClassLoader PI69942 JSP property useJDKCompiler does not work in Liberty PI71436 A debugger does not stop at a breakpoint in a JavaSever Page (JSP). Liberty Application Services PI70600 Auto extracted web app files have incorrect timestamp. PI70848 When application autoExpand is enabled changes to an ear file are not detected by the Liberty server PI70870 ConcurrentModificationException in AppClassLoader when using the global library PI71116 When certain features are enabled the application property autoStart has no effect Liberty Kernel PI68170 Users of Liberty's OSGI EventAdmin service cannot change the topics of interest for a registered EventHandler PI70104 Starting a Web Application Bundle (WAB) can result in a deadlock sometimes when the WAB is installed and started dynamically PI70637 RuntimeException: Invalid call to WsByteBuffer occurs during shutdown PI71457 NullPointerException after a failure to bind an IIOP transport port PI71607 Schema for resource adapters contains an unused attribute. Liberty System Management PI69561 REST API Discovery missing APIs in web applications with multiple JAX-RS application classes Liberty z/OS PI67718 z/OS Connect is unresponsive to the STOP command from the z/OS Console PI69625 Liberty server at 16.0.0.3 may fail to start when using AsyncIO PI69886 When using the zosLocalAdapters-1.0 feature to talk to CICS, the CICS container LinkTaskRspContID already exists. PI70090 WebSphere Liberty "server" and native launcher handle a # in the middle of a JVM property inconsistently PI70896 Liberty Server hang in termination after a hard failure on z/OS PI71417 Startup time for Liberty for z/OS is unnecessarily slow. Messaging Providers PI62816 Allow more than one address to be specified in the remoteServerAddress field PI70961 Corrections to messages in JMS Messaging Performance Monitoring Tools PI70900 Events get lost when the logstashCollector config gets updated Security PI62070 Full chain created in PKCS12 but not for JKS key store PI62375 Potential code execution vulnerablity in WebSphere Application Server (CVE-2016-5983) PI69141 Make sure HTTPS URL connection default is set at the same time SSLContext is set. PI69161 Constrained delegation works only when Liberty trace is enabled PI69277 Java 2 Security permissions are not granted to a shared library when using the file element instead of a fileset PI69629 CWWKX8136W: Cannot validate the server identity PI69840 A NoClassDefFoundError or NoSuchMethodError may be thrown when accessing Swagger annotations. PI69870 IllegalAccessException on EL expression that processes isLast() of object referencing varStatus in JSTL for-each tag PI71525 NullPointerException when registering a Custom User Registry that returns a null realm name PI71585 NullPointerException when null password is passed into WSCallBackHandlerFactory PI71751 Provide better message when bad SSL configuration is used by CSIv2. PI71789 .InvalidNameException: Validation of the Collective DN failed. 0th element type was not dc Systems Management Functions PI69286 Non-ASCII names used in remote operations from a collective controller may become corrupted. PI69741 Remove extra information from trace file PI71792 New files added to a controller's configDropins/defaults directory are not replicated to other controllers in the collective. Virtual Member Manager (VMM) PI71825 CWWKS3006E error message seen during server shutdown. Web Container PI64898 AsyncListener onError not being called correctly PI65762 DestroyJavaVM() method call hangs and JVM fails to shut down when asynch servlet work has been performed PI67393 Polish the ReadListener PI68061 Option to display customized text for some server errors PI69220 A plugin-cfg.xml is generated with missing applications and future auto-generation fails. PI69803 A java.lang.NoClassDefFoundError error can occur when using the pluginUtility merge action. PI70063 A decrease in throughput can occur when many concurrent requests for JSP pages that make use of tag libraries. PI70184 WebSocket not working if application flushes without obtaining any outputStream or writer PI70873 java.lang.NullPointerException might occur during a request's cleanup. PI71851 Missing apostrophes in French and Italian pluginUtility text Web Services (JAX-WS, JAX-RS) PI70196 PI70196: ibm rest servlet cannot be mapped to two different urls: PI70313 Swagger API Explorer ignores protocol schemes for operations PI71238 IllegalArgumentException when getHours() is called PI71887 JAX-RS Client fails when running in OSGi bundles Web Services Security PI68101 JSON bits are missing from a URL when SAML authentication redirects a request PI68809 WSAS XML crypto libraries cause classloader conflict with Java XML crypto in certain scenarios PI69415 Support configurable context root for OIDC client redirect url WebSphere Compute Grid PI70886 Java Batch REST: STOP request may not return JobNotRunningException even when the job batch status returns as COMPLETED. PI70887 An exception in the batch executor may cause a message to roll-back onto queue (and get re-delivered) instead of consumed. PI71718 Attempting to purge multiple job instances fails when their executions are not on the same endpoint PI71719 Batch REST request for job instance job log links fails with remote executions WMQ messaging providers PI68664 Record-level sharing (rls) is miscalculating the amount of data to be written to partner logs PI69183 APAR PI18414 may result in the recovery log service using incorrect sequence numbers. PI69314 ELException, Can not find @Transactional annotation PI69328 CWWKZ0403E error message occurs due to error Unable to acquire the global write lock in time. PI66423 OraclePreparedStatement.getReturnResultSet and OracleCallableStatement.getCursor fail after unwrapping statement EJB Container PI60567 New system property to configure the EJB pool wait timeout PI62639 NullPointerException in CDIEJBManagedObjectFactoryImpl.getEjbDescriptor when creating EJB instance to pre-load the bean pool PI63571 AccessControlException: "accessDeclaredMembers" from com.ibm.wsspi.injectionengine.MethodMap.getMethods. PI63709 Application exception thrown from EJB constructor lost when @AroundConstruct interceptors present PI63821 Resource reference names starting with java:comp/env are ignored in ibm-ejb-jar-bnd.xml PI65205 FFDC for TransactionRolledbackException when using UserTransaction in stateful bean ejbRemove method PI66565 com.ibm.wsspi.resource.ResourceInfo not provided to ResourceFactory for <resource-env-ref> XML elements PI67070 Customer can get EJBExceptions related to non-persistent EJB Timers during server shutdown General PI60893 Deadlock caused by SIP Subscribe PI61548 Potential Denial of Service in WebSphere Application Server if using SIP services (CVE-2016-2960) PI63871 NullPointerException in MemoryPersistenceManager PI64472 Automatically determine whether a submit or restart should be issued from the batchManager and batchManagerZos utilities. PI65456 Issuing "job.ended" CWWKY0010I message instead of "job.failed" CWWKY0011W message, upon job failure. Install V8 and above PI65506 Display proper asset list when embedded asset repo is missing during IM modify_add flow Intelligent Management Component PI59258 Dynamic Routing fails to recognize the application until Collective Controllers are restarted PI63212 Reload of web server with Intelligent Management causes CWWKV0008W messages on a Liberty collective controller PI66993 Health condition is not set to the Liberty server in the Docker container. PI67392 DynamicRouting does not have route information for Liberty Docker on initial deployment Java 2 Connectivity (J2C) PI63520 Parked connection created by PoolManager results in setting a pre-existing client ID to a MQ connection PI66424 J2CA7002E is logged when server is stopped while in the process of installing a resource adapter. PI67186 The value of FreeConnectionCount on the ConnectionPool MBean is not accurate when in use connections are destroyed Java Persistence API (JPA) PI58114 ClassCastException when an equals comparison query is run on an entity with a composite @EmbeddedId PI64129 CDI applications that inject Validator or ValidatorFactory beans cannot be failed over in a cluster PI67305 EclipseLink assigns the same object instance to multiple embedded fields JavaServer Faces (JSF) SunRI implementation PI64899 When using the jsf-2.2 and beanValidation-1.1 features an OSGI warning message can be seen. JavaServer MyFaces (JSF) Apache MyFaces implementation PI63135 Custom type conversion is sometimes bypassed in EL 3.0 PI63633 Thread-safety issue in the underlying (Apache) JSF 2.0 code causes WebContainer threads to hang PI64195 @PreDestroy methods are not invoked on session invalidation for JavaServer Faces (JSF) javax.faces.bean.ViewScoped beans. PI64714 JSF message severities always set to ERROR after ValidatorException PI64718 Validators are not called when using selectManyCheckbox JavaServer Pages (JSP) PI64004 The scratchdir JSP attribute is not documented on Liberty PI65333 A JSP error "unresolved compilation problem" is thrown during runtime Liberty Application Services PI62861 Server stop runs before the ServletContextListener implementation completes PI63542 ArrayIndexOutOfBoundsException may occur when doing a JNDI-lookup to a remote EJB that is located in another cell PI64494 Timing window in generation of Type Code objects from class TypeDescriptors, causes performance problems during JNDI lookup PI64806 java.lang.StackOverflowError on WAR PI65244 EJB connection helpers are both null PI65637 Starting an OSGi Application intermittently causes an endless loop. PI66570 IllegalStateException thrown on server shutdown PI67028 AccessControlExceptionthrown from AppClassLoader.getResources() call PI67672 Extended use of remote EJB may cause error mentioning Phaser parties. PI67674 Restarting ORB may cause socket bind exception PI67719 AccessControlException from JTMThreadFactory, JNDI lookup, and JmsManagedConnectionFactoryImpl PI67739 Configuring a non-default ORB may interfere with application client. Liberty Archive Install PI66992 z/OS IM offering failed to modify asset due to error 'Failed to load bundle com.ibm.was.determine.job.type' Liberty Kernel PI62609 When coreThreads and maxThreads are the same value, CWWKE1200W messages, which indicate a hung thread, may appear erroneously PI63436 Embeddable Liberty command wlp/bin/server fails to run on old bourn shell used by Solaris 5.10 PI64318 Product validation error when running installUtility install PI67017 Apache Commons Compress was incorrectly added to Liberty's JVM classpath PI67231 Inconsistent installUtility/feature error messages when installing features or depending features not found on repository PI67665 Path normalization of configuration variables can cause unwanted modifications Liberty z/OS PI61412 HTTP access logs are not tagged on z/OS. PI61645 CWWKF0015I and CWWKF0014W messages are misleading PI63930 WEBSOCKET-1.1 feature does not work in Liberty Imbedded in CICS TS 5.3 PI64823 zosRequestLogging-1.0 feature does record the SAF mapped user ID in SMF 120 subtype 11 records. PI65658 Liberty z/OS unauthenticated ID experiences ICH408I calling HttpServletRequest.login with syncToOSThread enabled PI65709 Storage leak in subpool 249 key 2 when using the zosLocalAdapters-1.0 feature. PI66150 Liberty server processes the start of WOLA workload to slowly Security PI60769 IIOP sslRef mismatch not clear in error message PI61592 Security context not propagated into JCA resource adapter PI62626 jacc-1.5 feature does not package a separate API jar file even though it exposes the API. PI62722 Attempting to start or stop a member from the Liberty Admin Center running in a collector on z/OS results in CWWKS2910E PI63929 Potential open redirect security vulnerability in WebSphere Application Server Liberty CVE-2016-3040 PI63949 When auth-method tag is not used in Liberty a NullPointerException is thrown PI64065 CWWKS9112W: Invalid run-as configuration for security-role name ApplicationRoleName in the application ApplicationName PI64790 Cross-site scripting vulnerability in OpenID Connect client CVE-2016-3042 PI65716 configUtility and collective command line utilities do not support the custom password encryption PI66628 The message when the custom password encryption is not available is not acculate. PI67237 AccessControlException issued when an API tries to obtain an internal OSGi service via the kernel service SPIs. PI67467 An intermittent MalformedURLException is issued during the server shutdown when Java 6 is used and there are permissions defined Sessions and Session Management PI60026 Bypass security restrictions in WebSphere Application Server (CVE-2016-0385) Systems Management Functions PI62640 Collective utility help text for --keystorePassword is incorrect. PI66520 A collective controller shared configuration file is removed after it is renamed. PI66522 A deploy rule without a defined restart command produces an exception during a deploy operation. PI66523 The --createConfigFile option of the collective utility allows the config file to be in the configDropins/defaults directory PI66524 The collective utility writes an unnecessary request to edit server.xml. PI67220 Liberty member in a Docker container ignores metadata defined in the admin-metadata.xml file included in the container. PI67221 Docker registry commands in the Docker deploy rule mistakenly prepend the repository with the user name. Virtual Member Manager (VMM) PI62392 Login failure if userFilter contains userAccountControl attribute PI63471 getUserDisplayName returning null when basicRegistry is configured Web Container PI54459 Information Disclosure in WebSphere Application Server Liberty CVE-2016-0378 PI58875 Application is started even though there has been a listener exception during application start up PI61651 An uncaught exception in javax.servlet.AsyncListener.onComplete() might cause threads to hang PI63193 SRVE8094W might happen even if invokeFlushAfterServiceForStaticFile=false PI65853 WebSphere Application Server Web Container affected by Apache Struts vulnerability (CVE-2016-3092) PI67093 Information disclosure in IBM WebSphere Application Server CVE-2016-5986 PI67470 ConcurrentModificationException thrown on getServletWrapper when serveServletsByClassname is enabled PI67832 FFDC created when a feature is removed from server.xml. Web Services (JAX-WS, JAX-RS) PI64462 NullPointerException in org.apache.cxf.jaxrs.impl.tl.ThreadLocal Providers.getContextResolver() PI59818 Servlet and Object Cache services are initialized multiple times during Liberty startup causing delays and exceptions EJB Container PI58029 Classloader leak associated with PCRegistry PI59443 A method named ejbCreate on a managed bean may be treated as a post construct interceptor method General PI52696 WebSphere Application Server proxy - Too many open files PI53321 Using WOLA with CICS version 5.3 causes BBOX abend PI54666 NullPointerException when using IPv4/IPv6 loopback addresses PI55413 CICS BBO (WebSphere) link server abends with WRITEQ TSQ BBO* error eibresp: 16 eibresp2: 0 PI57228 The HTTP Channel consumes additional memory, in specific circumstances, when processing inbound data. PI58457 Quotes are automatically added to the cookie Path attribute on version 1 cookies PI58692 NullPointerException when using batchManager to purge and no arguments specified PI58800 High CPU utilization can occur for WebSocket sessions that expire using a non-default MaxIdleTimeout value PI58918 Response Splitting Vulnerability using a specific API CVE-2016-0359 PI59273 A job instance with zero executions cannot be stopped or restarted. PI61321 Serviceability changes for batch feature PI61621 The persistent user data and metric values are invalid when a job fails in the middle of a chunk step PI62053 HTTP Channel Access Log does not properly record how much is written to the file PI64247 For Double Byte languages an FFDC IllegalArgumentException can occur for a WebSocket connection that closes due to an error Intelligent Management Component PI61807 Web Server SSL certificate created by the Liberty dynamicRouting feature needs updating Java Persistence API (JPA) PI47094 ClassCastException using a shared JPA module on JPA 2.1 PI55889 JPA Merge fails intermittently with FOREIGN KEY constraint error PI58092 Delay in application startup on Liberty PI58523 When using jpa-2.1 with Bean Validation, XML constraints are not recognized PI59004 Criteria Modelgen API is not included for the EclipseLink provider PI59757 JPA PersistenceUnitUtil.getIdentifier() fails for nested EmbeddedId PI59782 Eclipselink on Liberty is missing javax.json imports PI59999 OpenJPA custom plugins can cause Classloader leaks PI62022 Bean validation interceptor is invoked twice JavaServer MyFaces (JSF) Apache MyFaces implementation PI57255 MyFaces CDI support is disabled if non-CDI application is loaded first PI59422 Flow beans are destroyed before the flow is finalized JavaServer Pages (JSP) PI56811 XXE and RCE via XSL extension in JSTL XML parse and transform tags PI59436 NullPointerException when using EL expressions returning null PI60837 A StackOverflowError can occur when com.ibm.ws.el.reuseEvaluationContext is set to true PI61400 There are unused message properties files packaged in the Expression Language (EL) 3.0 bundle. Liberty Administrative Center PI58080 Admin Center toolbox cannot save bookmarks with Explore search results which search on tags PI62052 Potential security vulnerability in Admin Center for Liberty CVE-2016-0389 Liberty Application Services PI53419 Liberty server z/OS: Deadlock adding WABs to web container PI58841 An OSGi web app using JSP and JSTL by default currently needs to explicitly import the JSTL spec packages. PI59010 CWWKC2259E: "Unexpected child element defaultDatasource" in WebSphere Liberty for EJB 2.1 PI60496 EBA fails to resolve when blueprint-1.0 is active PI60749 Common shared library classes return null when calling getProtectionDomain().getCodeSource().getLocation() PI61468 Application classloaders are leaked by transaction monitoring threads. PI61906 Classloading trace does not contain details of classpath being traversed. PI62078 ClassLoader leak in CDI's RuntimeFactory PI62240 ClastCastException doing a JNDI lookup PI62385 Classloading perfomance of the Liberty ORB has been slightly improved. Liberty Archive Install PI60256 Failed to testConnection against wlp-feature-8559.zip PI62355 License jar upgrade returns a confusing message when it fails due to invalid edition. Liberty Debug and Tracing PI57488 Null characters added to logs when truncated by user PI58309 NullPointerException seen with logstashCollector-1.0 feature when access log source is enabled PI58310 logstashCollector-1.0 feature reports a NullPointerException during server shutdown operation PI58311 TRAS0120W message reports incorrect lost events PI58386 Duplicate FFDC records are sent for the same failure by logstashCollector-1.0 feature. PI60821 NullPointerException when eventLogging feature is removed PI61051 Removal of ISADC script PI61371 High Performance Extensible Logging (HPEL) binarylog view does not sort by time stamp PI62013 Warning message should be issued when wrong source is specified. PI62015 Unexpected null pointer exception appearing in FFDC logs with logstash collector whenever updating the source Liberty Kernel PI48971 ActiveMQ properties not being honored in JMSActivationSpec in Liberty PI59235 Problems with serialization code PI59906 Server command help is missing the --os option description PI60941 When installUtility install serverName is run, the server logs and workarea were not created under WLP_OUTPUT_DIR PI61175 During startup the application manager can cause an FFDC with a ConcurentModificationException causing no applications to start. PI61177 Spurious error may be logged when bundle starts and immediately stops. PI61178 Dynamically configuring one or more features from zero features delays starting applications by 30 seconds PI61319 The help for the productInfo command line tool reports an error rather than provide the help text. PI61320 Missing attribute message is confusing PI61324 Server package zips when unpacked lack file permissions for scripts in bin folder. PI61451 installUtility command may fail with a SocketException: "Too many open files" Liberty System Management PI57567 Merged plugin-cfg.xml generated by ClusterManager mbean generateClusterPluginConfig operation contains dup elements PI58426 Collective create always treats --keystorePassword as a required argument PI61176 Using the IBM JMX REST client from Liberty requires setting too many properties PI61895 Swagger document and UI in apiDiscovery-1.0 did not show non-ASCII characters properly. Liberty z/OS PI50018 linkTaskChanID property does not work when used with z/OS Connect service provider PI52665 z/OS WOLA CICS BBOC control transaction cannot support long command strings from the console PI54756 z/OS Connect JSON Parse Error message missing JSON payload. PI56919 IllegalArgumentException: com.ibm.ws.security.saf.SAFException: CWWKS2910E: SAF service IRRSIA00_CREATE did not succeed PI57546 UserRegistry.getUsersForGroup() is not implemented in Liberty server PI58016 Asian characters in UTF-8 encoded payloads are converted to escaped unicode characters PI58155 Liberty server takes ABENDEC6 RC0000FD1D due to CPU time limit exceeded PI58468 WOLA fails to reconnet to CICS TS after previous executions have succeeded PI59320 ABEND 0C4 RSN=00000004 or a CICS ASRA ABEND when you have more than 128 WOLA connections in an address space PI61322 CICS programs called over WOLA are being passed an incorrect channel or container name. PI61323 An ABENDDC2/ABENDSDC2 occurs in program BBOATRUE when CICS is configured to use an embedded Liberty server. Performance Monitoring Tools PI60781 NullPointerException being thrown from requestTiming feature if any exception occured Security PI55373 Collective framework needs to support certificates signed by third party signers PI59813 Improve the exception generated when client does not trust the server. PI61090 NullPointerException from FeatureWebSecurityCollaboratorImpl PI61204 NullpointerException when using ibm_securitylogout in Liberty PI61253 OAuth or OpenID Connect response does not contain state parameter PI61622 The French help text of the PasswordUtility command line utility contains typographical errors. Systems Management Functions PI58664 Liberty collective member status is incorrect PI62453 When making a JMX Connection to a collective member, the JVM default for HTTPs connections is updated Virtual Member Manager (VMM) PI54746 Federated repository does not allow a user login with Turkish characters PI56819 User login failure when uniqueUserIdMapping inputProperty set to non default values Web Container PI51122 Webcontainer intermittently generates a 500 error with StringIndexOutOfBoundsException PI56833 WebContainer is setting the Content-Language PI57951 Line feed code disappears when data is uploaded with enctype="multipart/form-data" in an HTML form PI58920 Dispatcher type obtained from HttpServletRequest is not updated on post processes PI59415 Development version of servlet SPI bundle does not match with runtime webcontainer bundle. PI60797 Enable POST only for a form login PI61594 AsyncContext.dispatch() might dispatch to an incorrect URI if using different versions of ServletRequest.startAsync() PI61628 A 404 error might be generated when using redirectToWelcomeFile Web Services (JAX-WS, JAX-RS) PI53319 ClassNotFoundException on WebSecurityHelper PI56315 JAX-RS MessageBodyWriter is not run PI56374 ClassCastException: java.util.TreeMap incompatible with javax.ws.rs.core.MultivaluedMap PI58097 HTTP Response header with invalid Date string is added to the response on a WebServices request PI58779 JAX-RS 2.0 @Context injection from client side provider reports NullPointerException PI58799 IllegalArgumentException inJAX-RS InjectionUtils.java code PI59519 Update product.json model to match recent changes in API Connect PI59633 When using JPA to persist an object, the JAX-RS engine does not correctly catch any exceptions that are thrown PI59640 Security definition is missing from the filtered Swagger document returned by API Discovery Framework PI59643 Using @Context to get the HttpServletRequest and changeSessionId() always returns null PI61936 Information disclosure in JAX-RS API PI62155 Suppress SOAP FAULT error message PI62450 Swagger processor may allow weaker than expected security Web Services Security PI59665 OIDC Relying party auth flow fails with 401 error when security trace is enabled PI59677 OIDC relying party authentication failure due to CWWKS1704E error PI62735 The groupId(s) get lost in id_token and introspection WMQ messaging providers PI59123 WS-AtomicTransaction participant recovery after a server crash may never complete PI60966 Problem distributing transaction between WSAS traditional and Liberty using WS-AtomicTransaction. PI58021 ClassNotFoundException if application contains a jar which contains other archives Database Access, Connection Management, Merant/DataDirect drivers PI57239 Error when multiple threads attempt to authenticate to Mongo at the same time EJB Container PI49639 CWWKC2259E: "Unexpected child element" in Liberty profile for EJB 2.1 PI50806 NullPointerException in AbstractEJBRuntime.bindAllRemoteInterfacesToContextRoot when using ejbRemote-3.2 feature PI53807 Improve message text when EJB SessionContext fails to serialize PI55049 Non-persistent EJB Timer created while application is stopping may not be removed General PI48725 Initial TLSv1.0 application data packet read into the wrong buffer by the SSL channel PI49508 At startup end users requests routed with HTTP 404 response PI49566 WebSockets might not close the connection if sessionIdleTimeout is set PI51523 HTTP Channel getCookieValue throws ArrayIndexOutOfBoundsException when cookie is only one-digit double quote " PI51552 Unwanted CWWKC1556W warning when application starting or server shutting down PI51740 The HTTP Channel could cause the Operating System to send an RST packet when the connection is closed PI52417 Host name resolution with collectives on z/OS may not resolve properly PI52845 SSL handshake fails due to a java.lang.IllegalArgumentException. PI54212 Update one class in Apache Commons PI55344 The job logs are producing a date such as 2016-12-28 as opposed to 2015-12-28 during the last week of the year PI55874 Jobs containing split-flow may continue executing the (split-flow) even after the job is stopped. PI56019 The com.ibm.websphere.appserver.api.mediaServerControl.1.0_1.0.11.jar file in the dev/api/ibm directory is empty. PI56057 The MediaServerControl Javadoc provided contains accessibility issues. PI56076 Batch job logs do not contain the exception stack trace on step or job failures. PI57100 Remote partition wrongly ends in COMPLETED state when job is stopped, wrongly bypassing partition execution on restart. PI57542 IOExceptions is not thrown on inbound connections PI58014 Message's address is null in SipUdpConnLink PI58049 The exitStatus after the restart of an executor is not properly being rolled back to the correct value. Install V8 and above PI51130 Updating Liberty using group-mode Installation Manager does not set group-write bits PI55969 An update to the licenses in IBM WebSphere Application Server Liberty V8.5.5.9 is required. Intelligent Management Component PI53304 Auto scaling does not fully scale in to the minimum number of servers or scale out to the maximum number of servers PI57006 A scaling controller might not register a scaling member correctly when the member starts. PI57007 ConcurrentModificationException in com.ibm.ws.scaling.controller.topology.RepositoryMonitor$UpdateHandler PI57982 In a Liberty collective, not all instances of an application are used when routing with Intelligent Management for Web Servers. Java 2 Connectivity (J2C) PI53120 Datasource connection pool minimumPoolSize to be 0 by default for newly created datasources PI54230 ClassNotFoundException when using generic RA in Liberty Java Persistence API (JPA) PI46699 A null value is returned when trying to use OpenJPA's DelegatingConnection's unwrap() PI47094 ClassCastException using a shared JPA module on JPA 2.1 PI47144 Merging an unmanaged entity multiple (3) times leads to an exception. PI50341 Using java.sql.Timestamp data type for entity version value requests current timestamp from wrong SYSIBM table on DB2 PI50694 ClassCastException is thrown in JPA when QueryCache is enabled PI51878 ddlGen script is shipped in ASCII instead of EBCDIC in Liberty 8.5.5.7 PI52209 EntityNotFoundException in OpenJPA PI53589 OpenJPA fastpath broken on Java 8 PI56340 OutOfMemoryError from org.apache.bval.cdi.BValExtension$Releasable objects not being released. PI56499 AbstractMethodError occurs when using JPA with beanvalidation-1.1 feature PI58001 NullPointerException from org.eclipse.persistence.queries.ReadObjectQuery under heavy loads PI58005 With a Liberty image consisting of only EE7 features, importing javax.persistence 2.1 with WDT requires an internal attribute. JavaServer Faces (JSF) SunRI implementation PI46218 DeploymentException occurs if different web modules in an enterprise application have CDI beans with the same name JavaServer MyFaces (JSF) Apache MyFaces implementation PI45044 JSF problem in a Portlet environment: Form inputs inside a data table lose their values if validation fails PI47885 h:selectManyCheckbox and h:selectOneRadio components do not support f:ajax tags. PI49486 MyFaces leaking file descriptors when reading stylesheet files PI50108 JSF component binding with ViewScope beans does not work and causes an exception PI51038 Fix EL 3.0 ImportHandler support in JSF 2.2 PI53555 JSF ViewScope implicit objects are not resolved in JSP pages PI54702 Null renderer-type tag causes custom TagLib xml parse error JavaServer Pages (JSP) PI52851 Changing JavaServer Pages (JSP) features between requests can result in a java.lang.NullPointerException. Liberty Application Services PI51184 CWWKG0031E is received after commenting out a JNDI element and then adding it back at runtime PI51375 Application Manager change to make time waiting for apps at startup configurable PI52936 Application classes provides incorrect values when calling getProtectionDomain().getCodeSource().getLocation() PI54707 Intermittent ConcurrentModificationException thrown on startup when two Liberty apps use a privateLibraryRef. PI55383 Client container application fails to run PI55891 SPI classes under com.ibm.ws.container.service reference some non-SPI classes PI56452 NullPointerException in WABInstaller.java results in "Unable to install bundle" message PI56644 SPI classes under com.ibm.ws.javaee.dd reference some non-SPI types PI56831 Classloader.getResource("") does not return url to WEB-INF/classes Liberty Debug and Tracing PI51841 Request timing can accidently remove an executing request from the active request list PI52003 New "JSON" format added to binarylog command PI54917 ConcurrentModificationException in collector manager PI55910 Logging in InvocationContextImpl outputs array IDs instead of array contents Liberty Kernel PI51988 Invoking productInfo with valid command but bad option does not give errors PI52309 WebSphere Liberty default executor auto-tuning is disabled when an embedder overrides the default ThreadFactory. PI53867 ScheduledExecutorService can temporarily leak classloaders for canceled tasks. PI54458 Wrong charset returned in page-not-found error when incorrect context root is requested. PI55031 Fix defect in Equinox framework to incorporate in Liberty PI55670 Liberty File URLs contain incorrect number of '/' characters PI56645 Configuration conflict warning message needs improvement PI56678 FileNotFoundException when application start-up fails. PI57314 JSP classloading ignores the application parent-last classloader setting PI57974 OSGi applications may be able to get access to OSGi services provided by Liberty feature bundles which are not considered API. PI57975 Deadlock may occur when creating a Java util logging Logger PI57980 Improper error when running Liberty scripts with unsupported Java version. PI57981 Changing SSLDefault may still require unnecessary configuration of defaultKeystore PI58006 Feature updates are less likely to result in unnecessary component activation and deactivation PI58035 When installing features using the installUtility jaccWeb-1.5 and ejbComponentMetadataDecorator-1.0 are not installed Liberty System Management PI53219 Wrong locale in the content when calling REST API to generate schema Liberty z/OS PI50915 More details is provided for some failures in WOLA connections via Liberty PI51171 Allow WOLA client to re-connect after a Liberty server failure or recycle PI51329 Default JAVA not read from java.env when server is started with a PROC. PI53339 Liberty on z/OS fails to route messages to MSGLOG DD card PI53469 z/OS Connect does not preserve JSON payload element ordering as shown in copybook files. PI53842 Basic authentication not working z/OS Connect dynamic services PI54855 Liberty on z/OS does not pick up the IFAUSAGE properties file in the product extension directory PI54886 When starting a Liberty server that has zoslocaladapters configured the sever abends with a System 106. PI55029 Liberty started task does not expand @WLP_INSTALL_DIR@ when used in the path specified by WLP_DEFAULT_JAVA_HOME in java.env. PI56289 Calls to WOLA services BBOA1* may hang when Liberty server is cancelled or ABENDs PI56385 Message CWWKB0101I does not provide enough information to diagnose problems connecting to an Angel process. PI56987 WLP_SKIP_UMASK=true is not working when Liberty server is started from a started task on z/OS Messaging Providers PI47483 [WARNING ] CWWKG0032W: Unexpected value specified for property Performance Monitoring Tools PI55077 Monitor group filter does not work with the component which are not using the code intstrumentation. Security PI50399 NullPointerException thrown at com.ibm.ws.transport.iiop.security in Liberty profile PI51188 Login fails with mixed-case password phrase on z/OS. PI52181 Liberty incorrectly displays warning message aboutWSGUEST user missing the RESTRICTED attribute PI52566 Incorrectly returning CWWKS4306E when application URI is unprotected and Liberty receives an expired LtpaToken PI57413 CWWKE0702E: Could not resolve module: com.ibm.ws.management.security is logged when zosSecurity-1.0 is enabled. PI57668 Collective member certificate login fails with LDAP or Federated user registry Sessions and Session Management PI53220 Session attribute not stored with Oracle as database session persistence and MultiRowSchema=true Systems Management Functions PI58002 Collective replica restart may fail Virtual Member Manager (VMM) PI48674 LDAP binary attribut handling in VMM Web Container PI42598 Filter with only WebFilter annotation does not get invoked PI43752 AsyncContext.dispatch() dispatches to an incorrect URI PI52414 While using an upgrade request the quiesce operation did not complete PI52415 isFinished on a stream can return true before the stream is fully read PI53854 Unable to retrieve the REMOTE_USER from the WSRU header without using any security in Liberty PI54235 A redirect using an URI relative to the current request URL redirects to the wrong URL PI54414 Managed thread factory not available in ServletContextListener.contextInitialized PI54701 The Servlet SPI was refactored to provide a complete set of SPI classes. PI57884 Blocking write is not allowed once WriteListener is enabled. PI58013 If an error occurs during a request with a ReadListener and is upgraded, a quiesce operation may not complete properly Web Services (JAX-WS, JAX-RS) PI48389 @PreDestory method invoked twice when @RequestScoped annotated on resource class and no @Context field in the class PI50692 Data conversion issue for Multi-part MIME on mainframe (z/OS) PI51798 Liberty JAX-RS implementation may throw NullPointerException PI52014 User customized provider life cycle annotation @PostConstruct @PreDestroy not work or throw NullPoint Exception when stop server PI54152 Liberty profile JAX-RS 2.0 Client Side Built-in Providers Installation Performance Issue PI55038 Injection on implementation of ParamConverterProvider in JAX-RS 2.0 fails with NullPointerException PI55547 Customized EJB ExceptionMapper cannot be mapped to user defined Exception in more than two JAX-RS 2.0 Applications PI56455 ClassNotFoundException loading the jaxws-2.2 and appSecurity-2.0 features Web Services Security PI49272 Cross site scripting vulnerability in Oauth Service Provider CVE-2015-7417 PI57265 Add OpenID Connect relying party (RP) config option to specify whether to do client side redirect PI58003 Cross-site scripting vulnerablility in OIDC client web application WMQ messaging providers PI43413 Deadlock in controller due to timing window in the recovery log service; servant times out PI53471 Extended Unit of Work API may not throw errors back to the application when they occur during transaction end processing. PI53472 Thread safety defect in Unit of Work manager initialisation PI53661 When inside an @Transactional declarative transaction, an error is thrown upon entering an @TransactionScoped context. PI54151 Unable to find the @Transactional annotation PI56465 @TransactionScoped bean instances do not have their @PreDestroy-annotated destructors called. PI56466 Access to UserTransaction methods is not correctly disabled within nested @Transactional annotations PI56467 @Transactional rollBackOn/do not RollbackOn scans the exception class hierarchy in the wrong direction PI56529 @Transactional annotation processing code emits FFDC when encountering RuntimeExceptions in the dontRollBackOn list PI48390 IllegalStateException thrown during server stop when j2eeManagement feature is installed General PI42523 Root not injected on URL containing query but omitted path PI45266 HTTP response splitting vulnerability CVE-2015-2017 PI47651 An OutOfMemory error can occur from a leak in WebSockets when websocket session timeout is set PI47954 Future.get can hang during ManagedTaskListener.taskStarting for repeating task PI48097 Cleanup of resources can be missed after Thread.run for threads created by a ManagedThreadFactory. PI48327 WLP does not handle requests successfully during shutdown PI48759 The TCP Channel's Host Name Include and Exclude lists are case sensitive PI50766 ExecutionException raised instead of AbortedException for aborted task PI51046 BATCHMANAGER SCRIPT WebSphere Application Server SHIPPED IN ASCII ENCODING ON z/OS INSTEAD OF EBCDIC ON LIBERTY 8.5.5.7 PI51656 COMM_FAILURE exception raised during IIOP invocation due to IIOP connection being closed while in use PI52303 Duplicate IIOP request IDs lead to incorrectly parsed response (from incorrectly handled reply message). Install V8 and above PI51982 LIBERTY 8557 CANNOT ROLLBACK TO LIBERTY 8553 AND BELOW Intelligent Management Component PI49835 java.lang.IllegalStateException: The ScalingMemberReplacementService service is not available JavaServer MyFaces (JSF) Apache MyFaces implementation PI47095 A java.lang.ClassNotFoundException can occur during deserialization of the HTTP session PI47578 An UnsupportedOperationException is thrown with an eager ManagedBean containing a ManagedProperty in JSF 2.2 PI47600 The "class" attribute cannot be set in a custom tag in JSF 2.2 JavaServer Pages (JSP) PI43036 JspTranslationException when using a JSP tag containing another tag with deferred-attributes PI44611 JSP engine throwing an IllegalStateException when PageContext.findAttribute(string attributename) is called PI46827 Memory leak in javax.el.BeanELResolver caused by application restarts Intelligent Management Component PI52161 Liberty collective server status is not in sync with DataPower status query Liberty Application Services PI50370 Unnecessary IllegalStateException FFDC created during some server stops Liberty Archive Install PI50812 Some download error messages are shared with install error messages, but the content of the message only mentions install. Liberty Debug and Tracing PI49056 NullPointerException when updating traceSpecification programmatically. PI50369 NullPointer in MethodInfoImpl tracing PI51010 Liberty core dumps when -Xhealthcenter:level=inprocess jvm option is used with health center agent version 3.0.5 or above Liberty Kernel PI46358 Problem with notify call for updateTrigger="mbean" PI46856 Unused server.env file generated when creating client processes using Java 8 PI47941 Liberty featureManager command may hang until killed PI48377 Unable to use wlp-featureRepo-8.5.5.7.zip as a directory based repository in WDT PI49759 When setting the trace file name to 'stdout', the distinction between error and general output messages is lost. PI49927 UPDATE TO COMMAND PRODUCTINFO VIEWLICENSEINFO PI50096 When Java security is enabled application class loaders may get access to internal packages contained in liberty profile PI50775 There needs to be a space character preceding the ellipses mark used in some install command line messages. PI51403 SSL support does not start properly PI52579 Errors after adding or configuring additional content to server when the server installation path contains unsafe characters Liberty z/OS PI46937 Security identity not propagated from batchManagerZos to batch exectuor in multi-server environment causes JobSecurityException PI47050 Unintall zosBundle addon fails if use Java7 to run Liberty installUtility PI47248 PERMISSION ERRORS ACCESSING RESOURCES IN THE SERVER'S WORKAREA DIRECTORY USING APPLICATION SYNCTOOSTHREAD WITH JSP INCLUDE TAG PI47476 CWWKT0022E IN LIBERTY SERVER WHEN USING DVIPA HOSTNAME DEFINED BY VIPARANGE PI47730 SERVICEABILITY ENHANCEMENTS TO ENABLE TRACING IN THE TOOLING THAT z/OS CONNECT USES PI48362 The performance of inbound requests using the zosLocalAdapters feature is poor. PI48528 z/OS CONNECT USE OF HTTP GET WITH INVOKEURI FAILS WITH WOLA SERVICE PROVIDER PI48823 HIGH I/O AND CPU USAGE WITH ZOSCONNECTDATAXFORM DATA TRANSFORMER PI48987 AFTER RESTARTING LIBERTY WITH z/OS CONNECT, NO z/OS CONNECT SERVICES ARE AVAILABLE PI50040 CWWKE0701E MESSAGES SEEN AT LIBERTY SERVER STARTUP PI50389 CONVERTTOJSONPRIMITIVE DATA TRANSFORMATION PART OF z/OS CONNECT USES HIGH CPU PI50787 A z/OS modify command fails when running OSGi console commands. Performance Monitoring Tools PI42967 Excessive appendCustomSetString calls cause high CPU when using VE and PMI. PI49140 Health manager dumps many files into member server's /tmp directory Security PI44880 Improve serviceability for form-logout processing. PI47544 Fix keystore file monitoring so it is not polling by default. PI47823 In Liberty profile ignoreCase=true is not honored for administrator-role entries PI48220 The hashtable login module does not honor the uniqueId and security name when passing then userId PI49157 App Server Classic to Liberty profile remote EJB lookup is not working when CSIv2 uses LTPA PI50589 Liberty profile needs a meaningful message in the NO_PERMISSION exception when failing to decode a GSSUP token. PI50717 Populating the users to the BasicRegistry might fail due to CWWKS3104E: Multiple users are defined error PI50825 Access is denied with a WebSphereRuntimePermission for getSSLConfig in CSIv2 during a naming lookup. Sessions and Session Management PI51030 There is a duplicate creating table problem when using Informix as session database on Liberty profile Systems Management Functions PI50111 Automatically deployed member fails to start on Microsoft Windows PI50484 Multiple clusters concurrently deploying to new host have JRE collision PI50768 wlpInstallDir and/or jreInstallDir and/or otherInstallDir install to default location instead of to user specified one. PI50824 Scaling member may change to automatic mode on member restart PI50970 An improvement is made in the collective replica set management to better handle a network isolation condition. PI50985 Collective controller does not start PI52103 Vulnerability in Apache Commons Collections used by Liberty Virtual Member Manager (VMM) PI46476 The principal name is listed as null in the error message CWIML4537E Web Services Security PI36818 WebSphere OAuth TAI template cache has a synchronized lock and can block a lot of threads PI51540 CWWKS1758E: Validation failed for the ID token. WMQ messaging providers PI48396 Performance degradation on application startup PI52986 In doubt transactions are not recovered on server restart Contexts and Dependency Injection (CDI) PI40544 CDI decorator for an interface must directly implement cannot inherit from a super class PI45878 Injected parameters passed in wrong order PI46326 Performance Improvement on application startup PI46615 The same class appearing in multiple war files might cause the wrong bean manager to be returned. PI46639 Name given to a bean with @Named annotation is not the correct default if it begins with two or more capitals PI47146 CDI does not correctly verify and publish events for JEE Component Classes which support injection Database Access, Connection Management, Merant/DataDirect drivers PI45007 Allow the user to specify the TLS_CLIENT_CERTIFICATE_SECURITY option on the securityMechanism property on properties.db2.jcc DynaCache PI45499 The webCacheMonitor feature does not work with JSP 2.3. PI45536 The Liberty profile cache monitor does not work with application security enabled. General PI33395 NullPointerException thrown by UDP channel when stopping server. PI35277 Server not responding to Continue message as expected PI36179 ReInvites are frequently canceled with NullPointerExceptions PI42817 HTTP Channel prints FFDCs for MalformedMessageExceptions and IllegalStateExceptions while parsing request message PI44958 Exceptions when requestTiming is re-enabled PI46281 NullPointerException in batch JobOperatorImpl after dynamic server configuration change involving batch or its dependencies., PI46300 A call to the Batch REST interface to restart a job fails when the job was previously started via the JobOperator., PI46303 Issuing a STOP command to a Batch job does not result in the job being in the STOPPED state., PI46433 FFDC is produced for a NullPointerException in com.ibm.ws.tcpchannel.internal.SocketRWChannelSelector.updateSelector. PI46543 Future.get hangs when attempted from taskSubmitted/taskStarting of tasks scheduled via a ManagedScheduledExecutorService. PI46745 A retry with rollback performed before the first checkpoint is taken causes a NullPointerException to be thrown. PI46747 Batch status of an instance is in STARTING when instance state is FAILED Install V8 and above PI46415 Updating Liberty using Installation Manager on z/OS requires a large amount of disk space. PI46420 Installing Liberty v8.5.5.6 with features or addons using Installation Manager in silent mode fails due to out of disk space PI46422 Installation Manager unable to install assets from instance of the Liberty Asset Repository Service with no internet connection PI46563 Update WebSphere Application Server Liberty profile V8.5.5.7 licenses Java 2 Connectivity (J2C) PI37749 JDBC Wrapper implementation of ResultSet.isClosed returns false after DB2 JCC driver has closed the ResultSet PI45839 Missing translatable message for error path where invalid valid is specified for a numeric connector property Java Persistence API (JPA) PI45511 Expose the org.apache.openjpa.lib.rop package in the jpa-2.0 feature to enable the serialization/deserialization of ResultLists. PI46623 When using the jpa-2.1 feature, an entity containing a lazy field may fail to deserialize PI47287 Potential memory leak when both validation 1.1 and CDI 1.2 features are enabled. JavaServer MyFaces (JSF) Apache MyFaces implementation PI38788 Hung thread caused by MyFaces PI43692 A java.lang.ClassNotFoundException can occur when the session is invalidated and the jsf-2.2 feature is being used. Liberty Administrative Center PI44185 Stopping Liberty profile 8.5.5.5 controller from the Admin Center causes error Liberty Application Services PI43122 ValidationException occurs when using JAX-RS and more than one validation.xml PI43130 Enable strict checking of a single validation.xml file per application classpath. PI46803 Server with IIOP clients fills heap and throws OutOfMemoryError Liberty Debug and Tracing PI44096 binarylog command causes java.lang.NullPointerException PI46922 Request timing does not work with Java EE 7 features Liberty Kernel PI28387 After a configuration update a web request may temporarily result in an error PI41611 Collective controller returns garbled stdout of ServerCommands to JXM client PI42400 OSGi applications that contain blueprint.xml in bundle fragments do not start after Liberty update to 8.5.5.5 PI43382 Product validation error using featureManager to install an add-on, such as extendedPackage-1.0 or javaee-7.0 PI45743 ServiceException when stopping the server immediately after a configuration update PI45777 The configuration schema does not include a default value for the 'optional' attribute on the 'include' element. PI45942 Creating a new server can result in a server.env file being generated in the wrong place PI46475 IIOP/CSIv2 may fail to start correctly due to missing UserRegistry PI46612 Server dump command fails when a Java dump file cannot be found. PI47138 Default welcome page uses 'Beta' description for supported server Liberty System Management PI46936 FileTransferMBean.deleteFile(String) may not be able to delete an empty directory on IBM i operating systems PI47155 File transfer could sometimes fail due to controller deleting the file before the transfer is complete PI47206 JSONConverter incorrectly de-serializes MBeanServerNotificationFilter PI47351 If the appSecurity feature is installed no application starts unless SSL and a UserRegistry are configured correctly. Liberty z/OS PI38734 Add mapped SAF identity to the SMF 120 subtype 11 records PI38852 z/OS connect in Liberty is not recognizing the mapped RACF userid is a member of a group PI45470 Abend S478 RC=4 when trying to stop the server PI45472 ABEND0C4 when running batchManagerZos from a dataset PI45842 Abend S478 RC=4 when trying to stop the server SP231 Security PI37396 Potential spoofing vulnerability in WebSphere Application Server CVE-2015-4938 PI43224 The authData configuration element needs enhancing to include alias and database in its description. PI43359 Javadoc relating to isServerSecurityEnabled needs to be updated to apply to its function in Liberty profile PI43583 Logout fails due to ConcurrentModificationException in high-stress, multi-threaded environment. PI43768 Remove SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA from the strong cipher list. PI46545 Add exception to security error message CWWKS1102E. PI46748 Enabling security through adminSecurity-1.0 may cause servlets to not configure completely Systems Management Functions PI41230 Liberty 'collectiveController replicaPort' limits size of port number PI42819 Collective join or replicate with --useHostCredentials option completes even if host credentials are missing. PI43401 Incorrect error message when host authentication credentials cannot be retrieved by collective controller. PI45838 A scaling member logs an FFDC with IllegalArgumentException during server shutdown PI46378 Collective and cluster member started/stopped state not promptly updated. PI47142 Improve collectives replica reconfiguration performance by improving internal storage structure in Frappe. Virtual Member Manager (VMM) PI45051 LDAP: Error code 53 - R000128 Filter is not supported PI46454 UserRegistry getUsers method does not use LDAP userFilter configuration specified in the server configuration PI46472 LdapRegistry does not work when the search results cache is defined as <searchResultsCache enabled="true" /> PI53797 Ignore case configuration is not honored in LDAP repository configuration PI54153 Login fails when ibm-entryuuid attribute value is null for a user Web Container PI38116 Provide option to not flush internal response objects in FileServletWrapper. PI41941 Improve error messages SRVE9002E and SRVE8011E PI42281 Suppress SRVE0255E error message in systemout trace PI44057 There is an increased performance overhead for users of the SSL feature in Liberty profile PI44214 getParameter() does not work after getReader() PI47153 Liberty profile performance issue when using @postContruct and @preDestory annotations in servlets Web Services (JAX-WS, JAX-RS) PI38723 NullPointerException generated by Apache wink library when processing HEAD requests PI40556 WebServiceContext is lost, resulting in a NullPointerException PI42710 javax.xml.bind.UnmarshalException: unexpected element can occur on first request PI46436 Wrong media type for the response when using JAXRS-2.0 Web Services Security PI44461 Must not call getClob for PostgreSQL Contexts and Dependency Injection (CDI) PI29421 CDI getInjectableReference() is not working as expected PI36177 PostConstruct method is not called if there is a second method of the same name PI40778 Nulls are being injected in place of EJBs that depend upon an @resource PI41728 An inherited qualifier with a value is overridden but the more distant value's ancestor is applied to a bean. Database Access, Connection Management, Merant/DataDirect drivers PI38333 Cleanup fails with an SQLException for unsupported operations PI38941 IllegalArgumentException when attempting to configure DB2 data source property keepAliveTimeOut DynaCache PI36904 Cache provider name description is incorrect and unclear. EJB Container PI39344 EJB application update time greater than two minutes when server is under load General PI31734 HTTP response might have multiple Set-Cookie: JSESSIONID headers PI32026 The message: "BBOA8090E An error occurred during TRUE enablement with reason code 63" is not clear for client self-assist PI33453 Chunked request might fail to receive all responses caused by delayed last CRLF. PI36010 Channel framework NCSA access log service time PI40058 Allow for pre-CDI injections to work for websocket Server Endpoints when CDI is disabled. PI41780 The server does not shutdown with an active websocket session in use IBM i PI35258 server start fails with "Command /QOpenSys/QIBM/ProdData/JavaVM/jdk70/32bit/bin/java not found" Install V8 and above PI40035 Update licenses for IBM WebSphere Application Server v8.5.5.6 Intelligent Management Component PI34716 Web server server-status page shows STARTED applications under STOPPED servers for Liberty collectives PI37873 Potential server hangs are possible during server stop when using the scalingMember feature PI39714 Dynamic routing in Liberty does not work if applications have an empty url-pattern for a servlet-mapping in web.xml Java 2 Connectivity (J2C) PI39295 IllegalStateException: context is null prevents resource adapter from being stopped PI40410 WorkContextLifecycleListener not notified of contextSetupCompleted JavaServer MyFaces (JSF) Apache MyFaces implementation PI38066 Request to Prefix mapping of Faces servlet may return a 500 Error. PI38898 The jsf-2.0 feature might fail to start with java2security enabled PI38977 The el-3.0 and jsp-2.3 features should require a minimum of Java SE 1.7. JavaServer Pages (JSP) PI31922 New JSF applications may fail after deployment if another JSF application is deployed in the server using its own EL parser PI33328 javax.faces.application.FacesMessage is not serializable PI37304 Incorrect JSP translation for the expression PI37485 Comparison between encodings should be case-insensitive JSPG0088E Liberty Administrative Center PI39293 AdminCenter line graphs plots can get out of sync with the summary field values. PI39713 Alert panel in Admin Centre's dashboard may not display all alerts. PI39717 Invisible close button on background task details dialog PI39718 Misaligned background steps description. PI39719 AdminCenter graphs do not display when using a browser with a Russian Locale. PI39991 If the AdminCenter Graphs slow down because of system load, the X axis labels of some graphs can become unreadable. PI40192 Bidirectional Preference toggle button on Mozilla Firefox browsers does not render correctly PI40419 If edit button is clicked before tools are fully loaded in user's tool box, then there is no remove icon on newly loaded tools. PI40633 A 400 error code displays in the console when loading Admin Center Liberty Application Services PI29785 FFDCs with IllegalStateException: Cannot stop from state UNINSTALLED created when Liberty profile server is shut down PI34959 Artifact SPI in Liberty profile missing classes StructureHelper and ArtifactContainerFactoryContributor PI38923 Exception logged during server shutdown PI39795 JNDI Contexts in the java: * namespaces are not serializable Liberty Debug and Tracing PI38281 During High Performance Extensible Logging mode TruncatableThrowable exception is logged as wrapped exception Liberty Kernel PI34141 An IllegalStateException may be generated by the com.ibm.ws.classloading bundle on shutdown when unregistering a service. PI34161 Liberty profile %D NCSA access logging directive does not record the correct elapsed time for a request PI34201 REST connector can potentially use an invalid endpoint PI35483 400 bad request error from channel component while parsing headers with trailing white space PI36907 Nested elements are not merged if cardinality is 1 or -1 PI36912 Updates to nested elements provided by a user extension may not result in a configuration update PI36944 Nested configuration with unresolved references can have incorrect values PI36999 An error parsing a file in configDropins prevents other files in configDropins from being loaded PI37977 Contextual proxy is not usable until the context service that created it is looked up or injected into an application. PI37978 Direct lookup of ManagedScheduledExecutorService sometimes returns wrong type. PI37983 Schema and feature list contain English when locale is set to pt_BR and zh_TW PI39099 Liberty OSGi SPI JARs do not compile with Java 7 PI39798 Liberty executor can hang when work is submitted outbound over HTTP and back into the same server. PI40224 Java 8 VM no longer supports MaxPermSize PI40775 Symbolic links to server directories from Liberty usr/servers directory do not work as expected PI40819 File permissions too restrictive when WLP_SKIP_UMASK=true specified for Liberty profile server PI40996 IllegalArgumentException thrown when bootstrap property key is a zero-length string. PI41012 NullPointerException when installing a corrupt jar file PI41671 Files with extensions other than XML are read from configDropins PI42525 Specific application elements may not be removed correctly Liberty System Management PI37984 Collective deployment fails when using root directories as write paths. Liberty z/OS PI33798 WebSphere Application Server for z/OS can encounter CML lock contention when under heavy load. PI37650 UNPRINTABLE CHARACTERS IN SCRIPTS BBGJS2LS BBGLS2JS PI38709 Server started on z/OS with a started procedure does not place logs into the location specified by WLP_OUTPUT_DIR. PI38774 Using DFHJSON to format strings with numbers for the data, quotes(") were not placed around the data. PI38851 Distributed ID not properly mapped when used with WOLA in Liberty PI39623 Collectives are unable to start servers on z/OS that run as started tasks PI41507 zosLocalAdapters (WOLA) requests run as the UNAUTHENTICATED user instead of the client user Security PI28455 UnsupportedCryptoAlgorithmException is not included in com.ibm.websphere.appserver.spi.containerServices_1.0.0.jar PI34405 Server SSL port is blocked indefinitely when client authentication is used and the truststore is empty. PI35075 The certificateUtility createSSLCertificte tool does not give a useful message if the keystore already exists. PI37897 SSL configuration attribute added to the metatype. PI38712 Enforce the optional nonce parameter in the OIDC Authorization code flow(provider) PI38713 Enforce the optional nonce parameter in the OIDC Authorization code flow(client) PI38772 OpenID connect relying party fails when hostname contains "oidc" PI39322 Fix poorly worded error message that appears when the a keystore fails to load. PI39325 Allow larger ciphers, 256 bit ciphers, to be a part of the HIGH cipher list. PI39647 Support JSON array as custom claim PI41257 The securityUtility tool does not run if only the kernel feature is installed. Systems Management Functions PI36632 A FFDC java.util.NoSuchElementException was reported on the collective controller by ServerCommandsMBeanImpl class PI37256 Application ADDED notification being issued during Application removal. PI38096 FFDC with java.lang.IllegalArgumentException is thrown when removing a member from collectives PI40358 Concurrent cluster membership changes can result in a member being removed from a cluster. PI40550 Collective remove command did not handle bad user name correctly PI40561 Java home for the collective join command is not set correctly in a post join action operation with a server deployment. PI41251 Removing a running member from the collective does not stop it publishing its state data to the collective repository. Virtual Member Manager (VMM) PI38554 LDAP filter issues with VMM PI40564 User filter expressions containing a '!' do not work as expected. Web Container PI31292 getPathInfo returns a semi-colon for the ";xxxx" appended after the request URI PI31447 The server adds a /(slash) to the response URI if the inbound request URI has a ;(semi-colon) PI31622 Privilege escalation with serveservlets CVE-2015-1927 PI38357 Add more details to the WebAppHostNotFoundException PI38383 Unhelpful message in console.log: Uncaught.init.exception.thrown.by.servlet PI38782 Add property to initialize the class during Class.forName() PI39941 Close does not wait for the timeout PI40414 No access to all org.apache.japser.el classes PI40416 Unsupported Operation Exception after programmattically added servlet context listener throws an exception PI40418 WebContainer throws a java.lang.IllegalArgument exception when parsing parameters PI41465 When HttpInputStream.isReady() is called after that same API has already returned false, an IllegalStateException can occur. PI41894 A java.io.IOException is not propagated back to a dispatch caller. PI42283 On an async request, fix the thread context state and transfer the security context between threads. Web Services (JAX-WS, JAX-RS) PI38077 jax-ws-catalog.xml support for META-INF for WAR module Web Services Security PI36866 Obtain sensitive information with Apache WSS4J CVE-2015-0226 WMQ messaging providers PI28223 NullPointerException in JNDINestedFrameworkSupport (JNDI lookup) PI35539 Potential java.util.ConcurrentModificationException when starting OSGi applications within WebSphere Development Tools. Contexts and Dependency Injection (CDI) PI15310 StackOverflow error or NullPointerException occurs under heavy load PI27526 The @Produces annotation method on class results in a non-null injectionpoint instance on first invocation. PI30964 EJBs conflicting with listener configuration and CDI events Database Access, Connection Management, Merant/DataDirect drivers PI28913 DSRA0304E and DSRA0302E messages with cause and exception as null creates confusion. PI34199 Connection cleanup fails when using an unsupported JDBC driver. PI34376 Unable to specify empty port number for DataDirect Connect for JDBC and Microsoft SQL Server JDBC Driver DynaCache PI28515 DynaCache CWWDY1064E or DYNA1064E is written for containsKeyDisk() operation EJB Container PI27706 Intermittent FFDC of IllegalStateException when stopping a Liberty profile server with a message-driven bean application PI27924 UserTransaction cannot be used from a CDI instance created within the context of an EJB General PI17680 SipApplicationSession accumulate after BYE transaction if reINVITE transaction not responded to PI21665 WebSphere can use the same from tag and via branch in two different requests even if call-ID is different. PI23787 While using the B2bUAHelper the branch becomes longer when the UAS sends the re-Invite. This fix is to shorten the branch. PI24850 Inbound 412 response not counted in PMI PI26722 SIP container splits the reason header into two headers due to a comma inside a quoted string PI27022 Print the levels of CICS modules to allow customer verification IBM i PI26461 On Japanese IBM i partitions, when console.log exists, server start fails. Install V8 and above PI31113 Installation Manager requires accepting license terms twice to install the Liberty offering with additional assets. PI33671 Update legal license for IBM WebSphere Application Server V8.5.5.5 Intelligent Management Component PI32944 Dynamic Routing to some application instances might fail when the application is installed in multiple clusters. PI33067 Liberty profile server may hang when using the scalingController feature PI33071 Auto scaling not monitoring host-level cpu or memory usage PI33123 Intelligent Management enabled WebSphere Plug-in does not route requests for Liberty servers with empty clone ID PI33124 "dynamicRouting setup" creates JKS formatted keystore instead even when,-keystoreType=PKCS12 parameter is specified PI33793 Scaling controller does not start a server to meet minimum instances when a host with capacity becomes available Java Persistence API (JPA) PI16847 Schema setting in the ORM file does not propagate to the generated sequences PI18178 NullPointerException in QueryKey.createKey using criteria with QueryCache enabled PI19732 First JPQL with left join fetch for lazy loaded specified and data cache enabled. Subsequent does not get loaded. PI20433 JPA pagination is not working PI24575 Use of JoinColumn targets to another JoinColumn key exposed as an attribute causes a ConstraintViolation exception PI26049 OpenJPA PersistenceException: LongId cannot be cast to <class name> PI35626 ApacheValidationProvider class not found when using third party packages that utilize Bean Validation. JavaServer Faces (JSF) SunRI implementation PI29457 The jsf-2.0 bundle is unnecessarily declaring the org.apache.commons.logging.impl package as API. JavaServer MyFaces (JSF) Apache MyFaces implementation PI27290 Multi-window usage with server-side state saving throws a javax.faces.application.ViewExpiredException PI30335 Dependency injection of a JSF ManagedProperty comes after a @PostConstruct on Liberty Profile JavaServer Pages (JSP) PI24001 The JspWriterImp is not properly cleaning up resources in memory after a request completes. PI29973 Log the value of the jdkSourceLevel attribute used by the JSP container PI30519 Issue with duplicate JSP attributes Liberty Administrative Center PI33313 Screen scrolls down to the bottom while typing in the input fields in deploy tool PI34787 Wrong message when deploying server package file located on the collective controller in Admin Center PI34806 Extra line shown in browser when going from the toolbox to any tool PI34808 Can not display server's actual status, always displays a straight line on monitor panel on Microsoft Internet Explorer Liberty Application Services PI26941 Installing and uninstalling an application many times causes OutOfMemory PI27843 Deleting and re-adding the same zip application to the dropins folder can result in an IllegalStateException. PI30922 The server does not automatically restart a running application after annotation-based metadata has changed PI31351 The description of the autoStart attribute on the application config element is misleading. PI33384 Value of context root configuration is silently ignored when not applicable PI35537 Inability to resolve JSP modules due to incorrect internal feature dependencies for javax.jsp Liberty Debug and Tracing PI35310 Timed Operations which are not available are displayed as null. PI35314 isAnyTracingEnabled should evaluate object as a precondition then the primitive boolean type. Liberty Kernel PI20344 Liberty embedded server writes .cache files to the incorrect location PI28126 NullPointerException or IllegalArgumentException thrown during runtime class scanning or class weaving. PI28337 FFDC error when updating configuration to remove a feature PI28560 Add httpDispatcher property to control padding of a 404 message. PI28985 WDT show "base instance from which to inherit context" under the main "Thread Context Propagation" section. PI29210 ManagedServiceFactoryTracker/BundleContextImpl throw IllegalStateException when server is being stopped PI31002 Error deleting configuration for context service PI31143 The default executor of a WebSphere Application Server Liberty Profile server can deadlock in rare cases. PI31247 Server takes 5% longer to start after moving the Liberty profile wlp install directory. PI31531 Invoking the 'server' script from a shell with the CDPATH environment variable set may fail. PI31565 If users use a script to run multiple install actions, they may not know which messages are for installing which feature. PI32074 NullPointerException in thread pool code occurs during server shutdown PI32690 Using symbolic links to applications outside of the WLP install directory could result in an IllegalStateException. PI32778 Feature jca-1.6, jms-1.1, and mdb-3.1 cannot be installed from offline local directory PI32942 Websocket client code can miss processing incoming data that is received immediately after HTTP upgrade response headers. PI32943 Spurious FFDC reporting javax.management.InstanceNotFoundException PI33015 Applications containing symbolic links do not always restart when the linked content is changed. PI33376 Server shutdown hangs when using the sessionDatabase-1.0 feature PI33526 collectiveMember-1.0 exposes third-party JAX-RS APIs PI34128 When Liberty profile starts from a cached state the logs do not indicate the features that are installed. PI34335 Incorrect lookup of provisioned public Liberty profile features PI34797 A CWWKG0074E error message might be unnecessarily generated when certain server.xml elements are not properly configured. PI34969 The SPI package com.ibm.wsspi.http references non-SPI types. Liberty System Management PI32646 Structure of collective repository has changed in fix pack 8.5.5.4 PI34002 Unable to invoke file transfer operations on paths terminating with slashes on collective host Liberty z/OS PI20582 Application attempt to do authorization with SAF fails w/error code of 03008XXX (if SyncToOSThread is enabled) PI26263 The OLA load modules shipped by z/OS Connect Liberty Profile V8.5.5.2 are not compatible with same modules in WebSphere Application Server 8.5.5.2 PI26630 Liberty Profile on z/OS supports LDAP but does not propertly map LDAP identities to SAF-based Ids PI26950 Message "IRR012I Verification Failed. User profile not found" PI27338 Wildcards are not allowed in service URLs for z/OS Connect on z/OS Liberty PI29459 Storage leak of ACEE objects in native storage when using zosSecurity-1.0 with certificate authentication PI29823 Excessive contention of the MVS local lock is seen when using WOLA in WebSphere Application Server for z/OS Liberty Profile. PI31147 Requests fail when Driving requests through z/OS Connect using data transformation. Performance Monitoring Tools PI31214 ServletStatsMXBean is reporting errorneous data when thread terminates. Security PI27787 Cannot encode password with leading/trailing spaces PI27898 JaasLoginContextEntries with same name causes wrong behavior. PI31523 NullPointerException when specifying both OAuth20Mediator and data source in oauthProvider PI31809 CWWKE0701E when security ID value is null PI33008 Privilege escalation with IBM WebSphere Application Server Liberty profile PI33281 Making the information returned by the certificateUtility to include the SubjectDN the certificate was created with. PI33357 Privilege escalation vulnerability with Run-as user for EJB PI35581 Possible performance degradation when doing programmatic login. Systems Management Functions PI30931 Avoid creating member node path when cluster name is empty or null. PI30985 On z/OS environment, ServerCommandMBean failed to make remote connection as it used wrong encoding when is reading ssh key. PI34003 Under some conditions, a request to the CollectiveRepositoryMBean exceeds a time out and results in a null pointer exception. PI34011 After recovery from a failure Collective Repository Report: not ready PI34012 Collective controller unable to establish a TCP connection with its replicas PI34184 Adding or removing an application does not always reflect the correct final state of the application. PI34417 Message CWWKX8000E can be erroneously logged when a collective member loses its connection to a collective controller PI34486 Under extreme load, the controller cannot service all of the incoming http requests. PI34573 java.io.IOException: The filename, directory name, or volume label syntax is incorrect PI34796 Add National Language Support (NLS) for the default post transfer action. PI34982 Provide backward compatibility for admin metadata publishing PI35001 Repository monitor could not get service from repository member PI35166 Prevent a multi-replica collective controller replica set from reaching an inconsistent state in the data under rare conditions. PI36241 Server package deploying using host credentials failed with an ArrayIndexOutOfBoundsException Virtual Member Manager (VMM) PI27333 Property case sensitivity is not handled properly in search expression. Web Container PI15886 An invalid cookie name causes an IllegalArgumentException to be thrown. PI23529 ServletConfig returns null on empty mappings list PI26908 Error page handling is broken when the web application is CDI enabled. PI28910 ServletRequest.isAsyncStarted() incorrectly returns false on a thread after AsynContext.dispatch() has been called. PI29275 A java.lang.NullPointerException occurs when attempting to add a listener programatically that does not exist. PI29820 Liberty profile SSL client certificate authentication does not work with IBM HTTP Server PI31038 An IllegalStateException is thrown on calling setWriteListener when getOutputstream is called from the readListener. PI31717 ServlerResponse.flushbuffer() does not work correctly. PI34052 When running an upgraded request the application cannot run a JNDI lookup. PI34145 Do not Invoke onAllDataRead() once onError() is called from ondataAvailable() PI34857 Need Plugin log file location as part of server.xml pluginConfiguration stanza Web Services (JAX-WS, JAX-RS) PI22432 java.lang.NullPointerException in JaxWsInjectionMetaDataListener interface PI27318 Applications using Apache Wink on WebSphere Application Server Liberty generate spurious ICH408I messages noting insufficient authority for guest user ID PI30173 JAXRS1.1 declares 2 APIs and 1 SPI, but the packages are not encountered at runtime. PI31063 There are no jars for javax.wsdl.* packages under the dev folder, although they are declared as spec API in the jaxws-2.2.mf. PI33107 Upgrade Apache http client to the latest version 4.3 PI33130 @HandlerChain annotation cannot work with @WebServiceClient annotation PI33206 Liberty profile wsdlLocation attribute not working together with jax-ws-catalog.xml Web Services Security PI32329 Access token not deleted in database when using custom mediator class PI32912 ResourceOwnerValidationMediator.init() is never invoked PI33202 Potential privilege escalation with OAUTH2 WMQ messaging providers PI19361 Application server failed to start because transaction recovery failed PI29167 EBA start issue due to OSGi framework NullPointerException in Liberty Core PI34587 XmlPullParserException when Liberty profile is configured with a local bundle repository Contexts and Dependency Injection (CDI) PI18530 Interceptors are ignored on generic methods defined in an interface and then overriden in a subclassi PI25563 CDI issue is observed when an application is deployed with ScheduledExecutorService scheduled tasks PI26680 CDI application gets error: passivation capable beans must satisfy passivation capable dependencies PI32674 On extremely rare occasions a concurrent modification exception may be thrown during resource injection. DynaCache PI24250 Error appears in message log using WebSphere Development Tool (WDT) generated cachespec.xml. PI28117 Message observed message.log DYNA0044E: XML parsing warning: cvc-elt.1 when using a WDT generated cachespec.xml PI28487 Apichk errors in distributedMap-1.0 and webCache-1.0 PI28503 distributedMap does not inherit properties of baseCache PI28507 ExternalCacheGroup does not work in distributedMap-1.0 PI31235 DynaCache does not delete OSGi configuration of application defined caches when the application server is stopped. PI31236 Web caching does not support cachespec.xmls generated by WebSphere Developer Tools (WDT) EJB Container PI23290 EJB sessionContext.getCallerPrincipal() call not working in asyncbeans PI25789 Reference binding fails for a service that implements an interface but does register it PI25888 EJB container error scenarios should be improved PI26025 Reference and injection error scenarios should be improved PI31041 Adding an activationSpec or admin object for a started MDB fails intermittently PI31045 persistence.xml fails if property names contain leading or trailing whitespace PI31046 Extended persistence contexts are not joined to container-managed transactions IBM i PI26623 server start status message is missing process Id on the IBM i platform Install V8 and above PI28168 Update license notices files for Liberty Profile PI31174 Improved the warning messges for invalid features that fail to be installed using the featureManager command. Java 2 Connectivity (J2C) PI28115 Resource adapter installation is aborted prematurely during shutdown, leading to other problems PI31210 Applications can be started before connection factories and administered objects from standalone resource adapters are ready. Java Persistence API (JPA) PI28881 Some l10n feature names are missing information JavaServer Faces (JSF) SunRI implementation PI25638 JSF MyFaces WebSocket issue JavaServer MyFaces (JSF) Apache MyFaces implementation PI27409 JSP and JSF TLD jar export-package and version Issues PI32405 An UnsupportedOperationException is encountered when initializing an eager application-scoped JSF ManagedBean JavaServer Pages (JSP) PI12666 Getting the IllegalStateException: component with duplicate ID message when using the shipped MyFaces 2.0 PI18404 The JSR 303 implementation of BeanValidation cannot be configured as expected. PI18025 JSPG0046E: Unable to locate tagfile PI25445 A performance degradation can occur under heavy load for applications using the EL PM81849 Issue with JSP tag file compiled into invalid package/class name Liberty Application Services PI20988 Problems when running the server package command PI23168 java.lang.ClassNotFoundException in data sources after upgrading to Liberty Profile V8.5.5.2 PI24221 Application name or module filename containing the # character fail unexpectedly PI24783 Setting classloader delegation mode to parentLast can result in JNDI lookup failures PI25838 Application archive errors are unclear PI26102 The javadoc for the com.ibm.wsspi.resource package is missing PI26149 FileNotFoundExceptions when file paths include spaces. PI27080 Message with prefix CWWKC0044W may be missing an insert. PI27366 Need to throw NameNotFoundException for invalid names for parity with full profile PI27414 Javadoc needs improvement PI27693 Javadoc changes to make methods use correct list structure PI28245 StateChangeException: CWWKS9110E when changing application deployment Liberty Debug and Tracing PI20149 Access logging shows incorrect time taken to process the request PI20363 Error message enabling trace specification in runtime even though the trace specification is valid. PI21485 StackOverFlowError or Infinite loop using HPEL logging. PI26064 Logging needs to be improved PI26811 Logging of Throwable parameter for which getStackTrace() returns null fails PI26813 When e.printStackTrace() is called, the output can be missing some lines of user code PI27085 Expose logging SPI PI27291 Binary log attribute cleanup PI32852 HPEL API not visible from applications Liberty Kernel PI22215 Liberty profile server uses excessive CPU when TCPIP is stopped PI25220 Need improved messages for common parsing failures PI25283 Potential hang in server stop PI25294 Port listeners can be restarted twice when configuration is updated PI25376 Versioning of repository content does not work so any breaking changes to the data breaks old clients PI25530 Error message when you try to install a feature from the Liberty repository does not indicate the first failure PI25861 Path arguments to the featureManager tool are always relative to install directory PI25863 Errors in command-line utilities PI25869 Incorrect processing of configuration elements in the server.xml configuration file PI26034 Toleration for Java 7 and 8 PI26041 Kernel programming interfaces should be improved PI26048 Kernel error scenarios should be improved PI26065 The server command needs to be improved PI26079 The handling of MIME types needs to be improved PI26810 NullPointerException in HandlerHolder line 240 during server shutdown PI27073 ProductUtility validate outputs errors multiple times PI27210 Deployment of a large application with very detailed trace enabled may cause a tracing loop PI27213 Running the ws-productutil.jar version command on z/os results in a missing property error. PI27294 NullPointerException in ConfigSigner PI27296 Minifying an empty server and installing an ESA feature causes a NullPointerException PI27299 RuntimeException: Invalid call to WsByteBuffer method. Buffer has already been released. PI27413 Liberty profile steals focus on Macs PI27415 Unable to find out which configuration attributes can be overridden by variables PI27418 Workarea paths too long PI27431 Avoid extraneous warnings and errors during configuration processing PI27558 Tolerate Equinox osgi.clean property PI27697 Intermittent IllegalStateException in AtomicServiceReference PI27702 IllegalStateException in FeatureManager PI27737 Server dump does not include shared configuration files PI28120 Private features are allowed to be included by features from different Liberty profile product extensions. PI28124 Application reports java.io.IOException: Exception in opening zip file, PI28125 OSGi application can fail to start with java.lang.Exception: ORPHANED, PI28154 Insufficient error messaging for ServerLock waitForStart() PI28265 Intermittent exceptions in org.apache.felix.scr.* classes PI28380 Need improved error messages for file permission problems PI28382 Liberty profile server incorrectly allows 2 data sources to be configured with the same JNDI name PI28546 Suppress erroneous error messages during server shutdown PI28547 NullPointerException in ThreadPoolController during server shutdown PI28551 Default landing and some error pages provided by the server load slowly. PI28776 Fix several kernel issues PI28780 Incorrect class name in error reporting from DynamicVirtualHost PI28880 NullPointerException during shutdown while updating features PI28894 Liberty embedded server fails to notify the user if the server fails to start PI29008 Feature display labels are translated into local language PI30972 ClassNotFoundException: com.ibm.ws.kernel.productinfo.ProdctInfo when using featureManager PI31047 The install directory cannot contain a plus sign PI31059 The server start command sometimes uses jvm.options for non-server processes PI31165 java.util.concurrent.RejectedExecutionException when default executor is dynamically updated PI31266 CWWKE0701E java.lang.ExceptionInInitializerError thrown from [com.ibm.ws.http.internal.VirtualHostImpl((79)] PI32649 Auto features that required an iFix were not previously installed by the featureManager install command but now are Liberty System Management PI28128 Pax archives not supported in file transfer upload through a collective Liberty z/OS PI19688 Outbound service from WSAS to CICS via WOLA hangs PI23547 When REU=Y some requests to override a link succeed when all should fail PI24444 WebSphere WOLA API calls failing with abend BBOX in CICS for CICS TS 5.2 PI24692 The WOLA three-part name allows mixed case while the CBIND class profile they must match requires upper-case PI26809 java/lang/StackOverflowError with loop in ntv_mapDirectByteBuff PI27687 java.lang.IllegalStateException: Native service for RRS transactional support is not active or available PI28915 CWWKB0227E message should be more accurate PI30941 An FFDC reporting a CTX4SWCH RC=368 is generated during server shutdown. Messaging Providers PI28278 Enabling Messaging Security may cause com.ibm.websphere.sib.exception.SIResourceException: uniqueUserId is null PI28473 Fix usability defects in JMS Performance Monitoring Tools PI28558 Monitor attribute cleanup PI28567 Application deployment occurs before all the system bundles are started while removing the monitor-1.0 feature PI28572 When SUN Java is used for Liberty server, the processCPUUsage metric does not report the right CPU usage PI32796 ClassNotFoundException occured while querying monitoring data with traditional PMI Mbean (Perf MBean) Plug-in PI27023 Intelligent Management enabled WebSphere Plug-in stops routing after an application is removed and added. Security PI08268 Information Disclosure in WebSphere Application Server PI17688 WASReqURL cookie might be overwritten if multiple login processes are performed PI17836 CWWKS4106E: LTPA configuration error when setting keysPassword in the server.xml, PI25808 Principal names or unique IDs containing special characters are not handled properly PI25813 Fix double-encoding of "state" parameter in OAuth flow PI25819 Parameter order should not matter for securityUtility command line tool PI25834 Exception could be thrown getting user registry during shutdown PI25843 Cancel button on default OAuth/OpenID Connect consent form pages does not work PI25853 Possible race condition could prevent access to keystore PI26165 The periodic Authentication Cache cleanup stops under certain OSGi DS timing conditions PI26166 Improvements to Javadoc accessibility for security SPIs and APIs PI26513 Change to make sure the RC4 ciphers are not used by default. PI26514 Improve the processing of multiple SSL configurations PI26947 User registry updates: Add getUsersForGroup method, do not require a user registry with appSecuirty-2.0 feature PI26962 NullPointerException from security collaborator PI27195 Intermittent SSL problem where the keystore information seems to be missing. PI27775 Remove unnecessary FFDC data while stopping the user registry PI27778 Support Japanese CP1399 codepage on z/OS PI28061 Add an option to track logged out LTPA tokens on a server so they cannot be used login on that server again PI28127 A Trust Association Interceptor cannot commit an HTTP servlet response to send a redirection PI28264 Expired tokens not cleaned from the token cache PI28371 Fix issue with OAuth/OIDC consent no longer being cached PI28395 User registry service is not ready for service and it causes creating the LTPA key to fail PI28432 Fix NPE during authorization. PI28600 Warning message CWWKS9112W may flood the logs when a security-role does not have valid run-as configuration PI29911 Potential Information Disclosure with Liberty profile servlets PI31385 Meta type is wrong for token limit per user and client PI31388 The OIDC and OAuth response on HTTP needs to be URL Encoded PI31396 An OAuth error message was hard-coded and did not exist in the message file PI31415 No message indicating OAuth endpoint service has started/is ready PI32465 Inconsistent behavior when OAuth20 configuration contains more than one identical filter. Session Initiation Protocol (SIP) Container PI10457 Allow configuring response code when a non-confirmed session is invalidated PI14132 SIP container does not handle error case where a UA uses the same to-tags in different responses. PI17820 SIP custom property dip.no.route.error.code is ignored if the application is down PI18729 SIP transaction is not being destroyed when application is un-deployed because of a timer PI20221 SIP container removes data from reason header if it contains white space PI20350 Unable to add Require: precondition to reliable 18x response PI20505 Negative PMI counter Systems Management Functions PI26676 Collective messages improvement PI26678 Singleton service fixes PI26826 Resolved multiple Frappe service registry and utility problems PI26840 Resolve multiple collective repository test failures PI26843 Resolve multiple collective member test failure problems PI26848 Failed to remove cluster member PI26855 Resolve multiple collective replica problems PI26858 Security utility writes XML files using default charset without XML declaration PI27277 Collective MBeans better report errors that occur when dependent services deactivate while in use. PI27588 Remote file transfer via collective controller not working with backslash path on Microsoft Windows PI28123 Extra information in log file PI29528 Wrong cluster member is being removed during startup of a different cluster member within the collective. PI31359 Resolved multiple Collective replication service issues PI32466 Resolve multiple collective repository issues PI32474 Resolve multiple collective singleton issues PI32622 Failed to deploy zip to a remote host Virtual Member Manager (VMM) PI25203 Propagation Login via external LtpaToken2 cookie does not create correct SecurityName when using Custom LdapRegistry Web 2.0 and Mobile Toolkit PI24470 Update to IBM Dojo Toolkit (idt) version 1.10.0 Web Container PI08280 Tag file is not found in loose configuration deployment PI20210 Request's parameters can be modified by the application (via string object modification). PI20514 If servlet init() method throws an exception then the remaining servlets in the web module are not initialized during startup. PI22830 404 not found error generated for a request without trailing slash PI24225 The servlet name was not output in the SRVE8500W message. PI25531 FFDC might be thrown by a filter when the server is shutting down PI25625 com.ibm.ws.webcontainer.webapp.WebApp.handleRequest NullPointerException PI26080 The configuration attributes for HTTP sessions should allow duration strings PI26812 ServletContext.getServerInfo() does not return version PI26852 Untranslated messages in the severe trace points PI27348 An empty string "" as the URL pattern of a servlet causes an unwanted 302 redirection and an exception PI27361 WebContainer Objects get nullified before final use, resulting in a NullPointerExceptions PI27362 The expected java.lang.IllegalArgumentException is not thrown when <distributable> element is added to web.xml PI27372 Call to getRequestDispatcher inside Filter init method causes an exception PI27373 General changes and updates to com.ibm.ws.webcontainer-8.0's metatype-mbeans.properties PI27556 Use of incorrect names in references in web.xml cause a NullPointerException PI27557 NullPointerException when there is an active request and the server is shutting down PI28404 Unable to generate a plugin-cfg.xml file when there is no http port declared in server.xml PI28603 ServletRequest.getRequestedSessionId() returns null for a client created jsessionId. PI31004 Cannot delete JSP using REST call Web Services (JAX-WS, JAX-RS) PI22648 PreDestroy method is not being called when class is to be destroyed PI26093 Info center documents use of LtpaAuthSecurityHandler, but we do not have this class available when using JAX-RS 1.1 PI26609 The com.ibm.websphere.appserver.thirdparty.jaxrs_1.03 bundle cannot be resolved when loading jars under dev folder PI26611 If there are multiple path parameter in a resource method, there is only one path parameter generated in its corresponding wadl PI27070 Support third-party JAX-RS providers when jaxrs-1.1 feature is configured PI28137 Redundant error message might be displayed if user defines different URL mapping in web.xml for webservice endpoint. Web Services Security PI26957 Cannot resolve com.ibm.websphere.appserver.thirdparty.wssecurity_1.0.1 bundle when using only wlp/dev directory. PI26959 Cannot read local cache file used in web services security configuration WMQ messaging providers PI12571 WorkCompletedException occurs when importing transaction via JCA PI16613 NullPointerException in FFDC coming from RecoveryManager.preShutdown PI19445 OSGi EBA applications intermittently fail to resolve PI25862 The osgi.jpa-1.0 feature is inexplicably superseded PI26314 Various small bug fixes related to OSGi Applications PI28889 Transaction log is created in the wrong location PI28983 XAFlowBackControl L3 diagnostic facility enabled in Liberty PI33257 Revised com.ibm.wsspi.uow javadoc to document new override of runUnderUow method on UOWManager PI05668 Bottom-up web services fails to generate the WSDL on the Mac using Java 1.7 hotspot 64-bit PI06904 Issue with JSF and WSRP PI07204 VerifyError JVMVRFY012 using OSGi applications PI08569 404 happens intermittently in Portal/WCM PI09148 Redeploying OSGi apps without restarting generates a ClassCastException PI09474 Default webapp error page is not provided PI09594 Potential Information Disclosure with Exception handling PI09596 NoClassdefFoundErrors for a particular JSP servlet. Causes permanent failure of loads PI09875 Not all JVM javax packages are available to applications PI09896 SRVE0288E appears at server startup PI09981 Explicitly configured RDN properties are not retrieved for users during login. PI10102 Subsystem-content with type=file in product extensions does not resolve relative to product extension location using with minify PI10300 Honor the searchTimeout property for login PI10769 AJAX form update with PrimeFaces 4.0 not rendering correctly PI10792 OpenJPA FetchJoin does not always get the correct result. PI11018 FileTransferMBean.deleteFile(String) method cannot delete an empty directory as documented in the javadoc. PI11348 CWWKS3002E message might be logged while switching user registry. PI11393 UIComponent.findComponent ignores overridden method findComponent of a NamingContainer. PI11569 NullPointerException from a JSF MyFaces implementation PI11628 OptimisticLockException may occur when JPA application uses Timestamp in @Version field PI11642 CWWJP9992E: openjpa.Enhance: Error PI11738 Spring load time weaving does not work with Liberty profile. PI11788 Blueprint bundles using JPA fail to start. PI12201 Application is redirected to HTTPs port of the applicaton server instead of IHS server port when confidential is set PI12245 Inserting facets causes IllegalStateException PI12399 Liberty server productInfo validate script fails after interim fix is installed PI12496 EmptyStackException when accessing an Instance that is created by a producer method that has an InjectionPoint as parameter. PI12546 Setting com.ibm.ws.logging.console.log.level=off still results in one line of output PI12549 When JAVA_HOME environment variable is set, Liberty Profile server does not start PI12737 OpenJPA runs superfluous select statement when calling EntityManager.persist(..) PI12939 JSP gets re-compiled redundantly if the owner of the JSP class is different than server ID that runs the server. PI13004 Serviceability apar to enhance dynacache tracing. PI13207 Transactional listeners added too late to observe begin event PI13291 NullPointerException generated when trying to get a file with spaces using getResourceAsStream() PI13560 Problems updating an application after a bad EBA has been installed PI13592 Server start fails to create default server on IBM i PI13616 OpenJPA-2286 ArgumentException: Attempt to compare incompatible types. PI13641 The secure JFAP chain does not start on time PI13914 java.sql.SQLException when performing a JPA query PI14007 Persistence unit defaults are ignored when there is more than one "mapping-file" element in persistence.xml. PI14034 Problem handling CDI interceptors PI14205 Prevent NullPointerException during WebApp shutdown PI14236 Deliver common install for Liberty profile repository features PI14290 Remove temporarily deployed artifacts PI14316 Liberty Profile restConnector does not release file handle after a file upload PI14340 No option to set Secure attribute for WASPostParam cookie PI14458 Quick restart of a Liberty Profile server results in port already in use error condition on Linux PI14513 Parent naming-container not reflected in client-ID PI14544 Blueprint application startup deadlocks when using a bean for a reference-listeners and the bean uses the reference PI14746 Memory leak in J2C PoolManager due to reaper alarms not being cancelled. PI14747 Parsing of ibm-web-ext.xml might fail using some XML parsers PI14841 z/OSMF V2R1 generates spurious ICH408I messages on user login PI15121 Liberty Profile is locking certain war files on Microsoft Windows preventing the undeploy process. PI15289 Issue with validation of strings with escaped commas PI15291 The package command fails with message CWWKE0070W indicating an invalid loose configuration file. PI15496 A join operation halts when the resouces/collective directory exists, but is empty. PI15513 No default charset is specified for a post transfer join action PI15549 Invoking isClosed() on native JDBC connection results in NullPointerException PI16286 Controller flight recorder missing from server dump PI16375 UnrecoverableKeyException: Cannot recover key: Invalid password for file PI16382 CertificateUtility tool does not provide a parameter for the user to set the key size PI16432 REST connector error "Argument type mismatch" when using CompositeData with byte [] PI16626 Basic authentication requests fail in Liberty Profile PI16652 Configuration support needed for z/OS Connect PI16667 Resource adapter stops immediately after it is started. PI16669 Liberty sets incorrect product registration values when running in CICS PI16677 z/OS local adapter support is missing PI16678 Abend 0C1 reported in Liberty Profile V8.5.5 when trace on and zosSecurity enabled. PI16718 java.lang.StringIndexOutOfBoundsException occurs when starting OSGi application PI16751 Help for "collective addReplica" does not explain "endpoint" PI16845 Install time for resource adapter or start up time for application is not formatted correctly for some languages. PI16961 Memory leak occurs for JAX-WS managed client if using ibm-ws-bnd to customize properties PI16987 Memory leak when WAB bundles are stopped and restarted PI17042 Unable to customize unique ID attributes for LDAP servers PI17233 The output of the --createConfigFile option for the collective command should use a variable rather than an absolute path. PI17246 The MBean information stored within the collective repository does not remove stale data across a restart. PI17399 The initial state of a joined or replicated server is not set for a new server registered to the collective. PI17457 Javacore file is packaged into the server dump in an incorrect encoding. PI17600 Collective members are unregistered unexpectedly. PI17624 The Apache foundation's CMS migration required modifying the xml schema namespace for OpenJPA extended ORM documents.. PI17634 Liberty server may hang when using the AdminCenter. PI17830 Changing the configuration of shared libraries can result in NoClassDefFoundError or ClassNotFoundException PI17879 Liberty generateClusterPluginConfig operation creates a plugin-cfg.xml file with extra entries that are not need PI18177 Add additional check in session manager to remove incorrect cloneIds if HttpSessionCloneId property is set. PI18279 z/OS local adapter support is missing PI18352 VMM makes too many LDAP JNDI calls with ibm-allGroups configured. PI18357 Add serviceability message to indicate missing login page or error page for form login PI18437 Failure to switch RRS context onto thread PI18467 binaryLog command missing expected results on filtering based on IncludeMessage filter. PI18548 SSL context gets changed during execution of application, causing handshake issue between servers PI19025 ClassNotFoundException in Liberty Profile when traditional PMI is enabled PI19123 The output of ws-schemagen.jar is incorrect for some child elements. PI19130 Server package command does not handle relative paths gracefully PI19143 Plugin config generation fails when no applications are defined PI19277 z/OS Connect service configured serviceGroupingName entry is missing from SMF 120 subtype 11 records. PI19790 NullPointerException during a z/OS Connect's attempt to access HTTP request data after the asynchronous request timed out. PI19830 Provide stack trace in FFDC when response already committed (SESN0066E) scenario occurs. PI19831 Applications fail to start when running Liberty servers in embedded mode without the Java agent. PI19843 getUserDisplayName is not returning the correct result per the configured attribute for user display name PI19845 Stop time for server is not formatted correctly for some languages. PI19901 On a restart the controller can end up in a bad state and not be able to start up. PI20025 A server package deployed through admin center deploy uses the host's default name, and not the deploy target host name. PI20027 No MBean exists to identify which Liberty server is being used. PI20170 Improve error message for installing wrong edition feature PI20176 Admin center explore visual representation improvements. PI20910 java.lang.IllegalStateException: BundleContext is no longer valid when undeploying application PI21284 Weaker than expected security when installing features with Liberty Repository PM96440 Bad login performance for the user if its is member of more number of groups. PM98767 When using Data-Direct Connect JDBC Driver for Oracle, the connection cleanup fails PM98768 Using CustomDataStoreHelper, TestConnection operation on Network Deployment edition fails with exception PM99129 Injection of datasource into CDI bean does not work correctly PM99163 A tag file is not found when an application is deployed with the option "Run server with resources within the workspace" PM99381 WSAT transaction failed when using JDBC and JPA together PI11264 Files without group write permission when installing from a group mode installation manager on z/OS PI05059 Fail to login to an application with SSLHandshakeException PI05139 Support certificate authentication to fail over to a form base logon PI05324 Potential Security vulnerability with JavaServer Faces (JSF) 2.0 PI05359 Tag attribute creates unnecessary string objects PI05419 FeatureUpdate failure in zos Liberty profile PI05509 Change description of maxConcurrency property to convey more details PI05525 StringIndexOutOfBoundsException thrown when URI is not normailzed PI05575 java.lang.NullPointerException may be thrown from the JAXB unmarshaller under load. PI05661 Potential Cross-site scripting vulnerability on OAuth PI05673 OpenJPA persistence.xml parameter roundTimeToMillisec causes cut-off of milliseconds in dates PI05703 Race condition in Liberty profile server on z/OS PI05749 Application resources are shut down before the application when shutting down a Liberty profile server PI05837 @Inject into non-CDI managed instances can intermittently fail PI05940 Liberty profile fails to package core dump on Linux PI05956 Provide an option to disable running of 'ALTER SEQUENCE ... INCREMENT BY' statement for sequences PI05977 EJB-in-WAR injection (JAX-RS) causes a ClassCastException PI06080 CDI application fails to start with WebBeansConfigurationException when a decorator bean class PI06211 Liberty Profile on IBM i does not properly load classes via a symbolic link PI06340 An applied interim fix is not detected and is not available at runtime. PI06613 A controller in a multiple-controller replica set fails to start. It never produces the 6011i message. PI06687 The initial placeholder configuration is not canceled resulting in an unneeded file in the controller's fdb directory. PI06699 The collective utility gives incorrect directions when a controller is replicated more than once to the same server. PI07519 Criteria API creates INNER JOIN instead of the expected LEFT OUTER JOIN PI07608 JSF MyFaces NavigationHandler throws a NullPointerException if current ViewId is null PI07636 Error changing server application publishing option from loose to non-loose config when using Oracle JDK causes failure. PI07726 Unclear error message when authentication data fails for JMS activation specification. PI07811 Cannot use SSL termination PI08109 When servlets are running premature deactivation of DataSourceService causes hangs and app restart PI08267 Potential denial of service with XML parser PI08333 The generated report message for timed operation need to be updated PI08354 Timed operation junk collection PI08401 Liberty Profile does not find the applications HandlerChain.xml file PI08455 Running collective join in a non-English language the signer trust prompt does not accept the non-English confirmation options. PI08462 Incorrect misleading error message output when installing Liberty Profile extensions archive on a incompatibly licensed Liberty install. PI08476 Common install kernel for WebSphere Liberty profile repository PI08496 Support for disabling the console bundle with Liberty profile on z/OS (Liberty/CICS) PI08641 java.lang.ArrayIndexOutOfBoundsException when using restConnector.jar PI08871 Support installing artifacts from WebSphere Liberty profile repository PI08874 Conversion errors from JMX REST connector PI09183 Allow container managed authentication for database session persistence PI09206 Some ESAs have an empty line in the OSGI-INF/SUBSYSTEM.MF file which causes extended content installation to fail PI09253 Third party security integration in Liberty profile server on z/OS PI09492 500 error occurs if serializing a cache object to persist to disk fails. PI09651 NullPointerException from LogViewer command PI09696 Self-extracting jar created using 'server package --include=usr' fails with error Failed to find license agreement files PI09715 Should be able to set up ISA DC wherever you want when installing Liberty core. PI09925 Port conflict message is not generated on Liberty profile collective controller PI09972 Cannot enable timedOperations report dynamically PI10049 Base enablement for JCA support PI10103 Support Certificate authentication to fail over to a Form Base Login PI10134 Potential Information Disclosure PI10294 JSP compile errors due to regular expressions PI10340 Restore com.ibm.ws.session.service.SessionManager interface PI10342 There are permission errors when accessing resources in the server's workarea directory using application syncToOSThread PI10505 ClassNotFoundException when the ServleltStatsMxBean is accessed from the Liberty Profile JMX client PI10925 Access logging does not appear to be dynamic PI11516 Re-enabling the HttpEndpoint on Liberty profile server does not work PI11949 WS-Adressing feature did not work correctly with JDK7 PI12051 Pooled threads have unexpected context class loaders PI12116 Application reports java.io.IOException: Exception in opening zip file PI12632 Allow defaultHttpEndpoint host to be overridden without configuration change. PI12926 commons-upload.jar vulnerability PI12983 Web request failure due to a NumberFormatException while decrypting an LTPA token. PI12984 Collective member servers do not have read access to the collective repository outside of /sys.was.* PI13273 Creating the collective configuration writes to WLP_OUTPUT_DIR but reads from WLP_USER_DIR PI14355 Authentication errors when running under stress PM43415 Registering tag library in JSPx with default XML namespace causes a NullPointerException PM62691 Native Query with specified result class can throw NullPointerException when return data contains a null-valued column PM81674 ELexpressions are not evaluated when preceded by two backslashes PM86470 Timing window causing java.lang.IllegalStateException PM87133 Performance Monitoring Infrastructure (PMI) ActiveCount may be inaccurate when a session is accessed by multiple threads. PM87880 Slashes used in OpenJPA method EntityManager.createNativeQuery is removed in the resulting JDBC query PM88291 Transactions rolled back silently when coordinated by the UOWManager PM89272 Liberty Profile server opens extra listener on ephemeral port and localhost PM89432 Isolation level is not working properly for JPQL queries with nested sub-queries. It is generating incorrect query. PM90293 Session manager makes an unnecessary call to the database to retrieve session information when multi-row session persistence. PM90626 function publishEvent is called with UIComponent.class instead of source.getClass according to spec Java doc PM90664 NullPointerException when using AnnotatedType via ProcessAnnotatedType on @stateless EJB PM91408 Result of aggregate function max is 0 on empty table (instead of null) PM91573 CDI app fails to start with AmbiguousResolutionException due to how parameterized types are detected for injection PM92677 The cookie does not get set in the browser PM92967 Issues with download of files greater than 8gb. PM92983 Custom feature is not loaded PM93750 JPA finder cache does not account for dynamic FetchPlans PM93829 Async servlet lost original identity after resume PM94033 Incorrect locking behavior with JPA PESSIMISTIC_LOCK mode PM94199 Servlet <error page> processing incorrect for <error-code> <exception-type> PM94792 Exceptions are thrown if there is a new line after ${. The JSP does not load correctly. PM95013 Creating OAuth 2 custom mediator sees NoClassDefFoundError PM95057 GPF in Liberty Profile server in ntv_registerProduct PM95097 Poor performance using WMQ JMS in Liberty Profile server only PM95110 Liberty Profile throws IllegalStateException when browser closed connection. PM95209 Configuration validation for the repository client heartbeat and timeout do not report when the configuration is out of bounds PM95293 The url connection created when using the wsjar protocol does not properly implement the getContentLength() method. PM95300 When servers leave or join a cluster group no notification is printed in the log file. PM95424 Add secure flag to WASReqURL cookie for Liberty Profile PM95534 When the aged timeout is set beyond integer range a negative value is returned PM95662 The attribute 'ID' is not a recognized attribute for the element 'wasJmsEndpoint' PM95964 CWWKB0105E error when loading z/OS native code in a Liberty profile server. PM96057 No cache control headers were received from WebSphere Application Server OAuth. PM96140 Configuration in web.xml to load JSP during application initiation is not working. PM96163 JSPs with references to tag files fail with SRVE0777E PM96235 Unhandled exception during the initialization of the ServletContainerInitializer PM96357 OpenJPA: Version field returns NULL when explicity projected from a JOIN in select clause PM96443 Liberty Profile server starts despite port conflict failure in http endpoint/channel. PM96445 OpenJPA ExternalValue mapping works incorrectly with CriteriaAPI multiselects PM96464 NullPointerException thrown when determining the active user registry from the user registry service PM96532 Setting converterId breaks converter selection by type. PM96613 JSF.js: Calling JSF.getViewState() with a direct reference to a element throws an exception PM96659 Entity object instance generated by native SQL query may have null embeddable field PM97023 Console output for server start command does not currently indicate server startup failures. PM97079 Expose receive action permission for temporary destination queue PM97228 An exception can occur when an LTPA token timeout occurs and the CDI WebBeansConfigurationListener accesses the session PM97353 Compilation errors when a JSP contains an auto increment variable. PM97510 Stackoverflow in OpenJPA due to endless recursive calls in 'isLoaded' PM97514 Unable to associate different applications to differing HTTP endpoints PM97549 Liberty Profile for z/OS registers with IFAUSAGE using the wrong product owner. PM98149 Liberty Profile throws a NullPointerException from HttpDispatcherLink.sendResponse. PM98238 Inconsistent resolution of the variables in f:ajax@listener MethodExpressions PM98245 Liberty Profile web container does not destroy servlet when UnavailableException occurs PM98301 z/OS Liberty Profile server does not unregister with IFAUSAGE at server shutdown PM98409 NullPointerException occurred on Liberty Profile when performing programmatic isUserInRole check. PM98421 CData section in web.xml causes Liberty profile RuntimeException PM98653 Queries with a sort clause return fewer entries than the same query that does not have a sort clause. PM98732 Web services caching does not work properly dynacache changes the configuration value of required in components PM99374 JPA version field in a projection always returned as an integer PM99378 Allow Liberty profile to return jar URLs rather than wsjar URLs from classloaders. PM99775 Interim fixes do not apply new feature manifests PM99783 Batch update fails due to java.sql.SQLException: Unsupported feature and -2 return code from Oracle JDBC driver PM86131 Error message CWWKS2910E with internal error code 0x02008002 may occur in stress environment with SAF security enabled. PM90352 SRVE0315E: An exception occurred: com.ibm.ws.webcontainer.webapp.web PM98907 Remove unneeded data in database analyzer and logs PM78466 Properties files in a directory in an ear file are not added to the classpath of a war inside the ear PM78567 java.net.MalformedURLExceptions are thrown when attempting to access URLs when multiple non-OSGi applications are installed PM79227 No property to disable the Liberty Profile Server welcome page PM80457 Server.xml is not honoring attributes for logging tag PM82758 Unable to retrieve list of users from LDAP registry when using getUsers() PM82831 Java.lang.NoClassDefFoundError during startup of Liberty Profile, shared library not available. PM83557 IllegalStateException while processing transactions. PM83572 Type2 datasource transactional="false" fails PM84523 CWWKC0060W for VT_CLASS_RESOURCE in WLP not documented PM85517 Message CWWKC0044W does not contain information necessary to debug problem PM85520 JSPs inside directories are not pre-compiled PM85563 FFDC reports contains excessive redundant information PM85564 EJB application exceptions not output to messages log PM85565 Unable to resolve included nested configuration located outside wlp\usr directory PM85566 IllegalStateException when removing transaction feature from the server configuration PM85567 IllegalMonitorStateException observed in trace incident reports PM85568 httpOnlyCookies configuration attribute not honored PM85569 Minor updates to transaction functionality PM85570 Configuration validation error when there is whitespace in empty elements PM85571 Configuration changes can be lost PM85574 JSP taglibs not available to the tools PM85653 Some HTTP requests are not served correctly PM85656 NoClassDefFoundError: com.ibm.ws.jsf.util.FacesMessages PM85657 Unexpected java.lang.IllegalArgumentException FFDC PM86037 SRVE8043E error when Liberty Profile is installed in path that has spaces PM86263 A web application throwing a RuntimeException prevents the servlet from being loaded PM86268 Application stop waits for 30 seconds when stopping server PM86271 Tools add wrong jars to client classpath PM86272 Extra information in trace.log PM86273 Untranslated message in log CWRLS0010_PERFORM_LOCAL_RECOVERY PM86275 Java.lang.ClassNotFoundException running SecurityUtility and ProductInfo commands PM86277 Some extra annotated fields are appearing in ffdc reports PM86278 File monitor returns duplicate entries for deleted directories PM86279 JPALookupDelegateImpl deactivate is not the inverse of activate PM86281 Error: Could not find or load main class when running isadc command PM86285 When using simple TAI Liberty Profile returns a 401 error when expecting a 403 error PM86287 System properties not applied over bootstrap properties PM86288 BundleException is thrown when there is only the beanvalidation-1.0 feature enabled PM86289 Throwing a RuntimeException from FileMonitor can stop all file monitoring PM86290 Translation error in help in French securityUtility PM86291 SecurityUtility fails with 0 exit value PM86292 Can not override the default JSP expression factory implementation. PM86293 Log message CWWKZ0019I incorrectly suggests the application is not completely started PM86294 JSP includes <%@include file="xxx.jsp" %> reports no error if file not found PM86299 Liberty Profile support for one way hash PM86304 REST connector client has JSONConverter marshalling problem for empty HashMap PM86305 Error CWWKZ0056E if there are spaces in the drop-ins location filename PM86306 Incorrect class version loaded by OSGi PM86307 productInfo compare does not take interim fixes on target into account PM86308 Running with session in memory and using the HTTP plugin, sessions may be lost PM86309 z/OS native launcher does not support PID_DIR and PID_FILE PM86310 OSGi application performance issue PM86311 State mismatch running Oauth with multiple iterations PM86315 Need to support the png mime-type by default PM86316 A dump or javadump action directed to a server with an empty --include= generates an incorrect error message. PM86318 Organize session config options into groups for Eclipse tooling PM86319 Server JMX connection fails if the network connection is changed while the server is started PM86321 Kernel launcher issues PM86322 A redirected HTTPs request with invalid port number receives a vague error message PM86323 ApplicationMonitor config element not dynamic PM86324 CWWKS2911E appears in logs 5 times for one error PM86325 Service difficulties due to bundle ordering issues PM86326 Excessive FFDC for BundleException PM86328 Inaccurate timestamps PM86329 NullPointerException in DropinMonitor.tidyUpMonitoredDirectory PM86330 Unconditional xx:MaxPermSize warning when using server script PM86332 Command "server start <server>" fails when umask is set to other than 000 PM86333 Server.env does not override system.env if it contains an uncommented string in first line (liberty.env) PM86334 CWWKS security messages unclear PM86336 Tools show "Classloader Service" for the config entry for classloader PM86337 AuthCache sizes do not specify a valid range PM86339 Server config reports a nested element is removed when present PM86342 Default error page does not show HTML PM86343 Trace specification not using current format PM86345 NullPointerException in jpaemfactory.isOpen if EM factory not created PM86346 Applications attempt to start twice using RAD "RunAs" for JEE ear PM86348 The exception message was null when using unknown tags in server.xml PM86349 Keystore problem does not give a clear exception message PM86350 Improve message for missing data-source configuration PM86353 ABEND0EC3 with reason code 20F00400 in Liberty Server PM86629 Enable transaction logging to an rdbms PM86635 Application does not appear to have started PM86636 Server config application element type attribute picks up default from location attribute PM86895 java.lang.NoClassDefFoundError for javax.ws.rs.core.Application PM87131 Oauth could allow a remote attacker to obtain someone else's credentials PM87412 ProductInfo compare command output can be confusing when checking APAR inclusions. PM87511 NullPointerException when web.xml has a reference mismatch. PM87603 ExecutorService does not handle incorrect configuration nicely. PM87604 Missing JNDI feature diagnostic improvement PM87718 Improve performance for session database multi-row PM87719 Javax.faces.el.MethodNotFoundException: java.lang.NullPointerException PM87724 Improve values in generated plugin-cfg.xml file PM88023 Numerous FFDC files are being created for an exception. PM88040 Improvements to stack trace and logging [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"ARM Category":[{"code":"a8m0z0000001ipVAAQ","label":"Download Documents (Bulletins, iFixes, Fixpacks)"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5;CD0","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]